CVE-2015-0666

CVSS 7.5 HIGHEPSS 40.6%● KEVCWE-22

In short

A flaw in Cisco Prime DCNM allows attackers to read any file on the server by using specially crafted file paths. This is dangerous because sensitive information like configuration files or passwords could be exposed.

Technical detail

Directory traversal vulnerability in the fmserver servlet permits unauthenticated remote attackers to bypass path validation and access arbitrary files on the system via manipulated pathname parameters. Exploitation requires network access to the vulnerable servlet and affects Cisco Prime DCNM versions prior to 7.1(1), potentially exposing sensitive data stored on the server.

Summary generated and translated by AI from the official description.

Directory traversal vulnerability in the fmserver servlet in Cisco Prime Data Center Network Manager (DCNM) before 7.1(1) allows remote attackers to read arbitrary files via a crafted pathname, aka Bug ID CSCus00241.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-0666 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-dcnm http://www.securitytracker.com/id/1032009