This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.
A network management system on the remote host is affected by multiple
According to its self-reported version number, the version of Cisco
Prime Data Center Network Manager (DCNM) installed on the remote host
is affected by multiple vulnerabilities :
- Multiple remote command execution vulnerabilities exist
in the DCNM-SAN Server component. (CVE-2013-5486)
- An information disclosure vulnerability exists in the
DCMN-SAN Server component that could allow an attacker
to view arbitrary files on the system. (CVE-2013-5487)
- A XML external entity injection vulnerability exists
that could allow an attacker to access arbitrary text
files on the system with root privileges.
This plugin determines if DCNM is vulnerable by checking the version
number displayed in the web interface. The web interface is not
available in older versions of DCNM.
See also :
Upgrade to Cisco Prime Data Center Network Manager 6.2(1) or later.
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.7
Public Exploit Available : true
Nessus Plugin ID: 70166 ()
Bugtraq ID: 624836248462485
CVE ID: CVE-2013-5486CVE-2013-5487CVE-2013-5490
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.