This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.
A network management system on the remote host is affected by multiple
According to its self-reported version number, the version of Cisco
Prime Data Center Network Manager (DCNM) installed on the remote host
is affected by multiple vulnerabilities :
- Multiple remote command execution vulnerabilities exist
in the DCNM-SAN Server component. (CVE-2013-5486)
- An information disclosure vulnerability exists in the
DCMN-SAN Server component that could allow an attacker
to view arbitrary files on the system. (CVE-2013-5487)
- A XML external entity injection vulnerability exists
that could allow an attacker to access arbitrary text
files on the system with root privileges.
This plugin determines if DCNM is vulnerable by checking the version
number displayed in the web interface. The web interface is not
available in older versions of DCNM.
See also :
Upgrade to Cisco Prime Data Center Network Manager 6.2(1) or later.
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.7
Public Exploit Available : true