Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiSteven Seeley (mr_me) of Source InciteZDI-20-103
HistoryJan 03, 2020 - 12:00 a.m.

Cisco Data Center Network Manager AFW Image Upload Directory Traversal Remote Code Execution Vulnerability

2020-01-0300:00:00
Steven Seeley (mr_me) of Source Incite
www.zerodayinitiative.com
16

EPSS

0.163

Percentile

96.1%

JSON

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the processing of requests to the upload endpoint. When parsing the file parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of root.

Related

nvd 1
cvelist 1
prion 1
cve 1
cisco 1
nessus 1
nvd
nvd
CVE-2019-15982
2020-01-06 08:15:11
cvelist
cvelist
CVE-2019-15982 Cisco Data Center Network Manager Path Traversal Vulnerabilities
2020-01-06 07:45:35
prion
prion
Directory traversal
2020-01-06 08:15:00
cve
cve
CVE-2019-15982
2020-01-06 08:15:11
cisco
cisco
Cisco Data Center Network Manager Path Traversal Vulnerabilities
2020-01-02 16:00:00
nessus
nessus
Cisco Data Center Network Manager < 11.3(1) Multiple Vulnerabilities
2020-01-09 00:00:00

EPSS

0.163

Percentile

96.1%

JSON
Related for ZDI-20-103
nvd1cvelist1prion1cve1cisco1nessus1