Cisco Prime Data Center Network Manager < 6.2(1) Multiple Vulnerabilities (credentialed check)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

A network management system on the remote host is affected by multiple
vulnerabilities.

Description :

According to its self-reported version number, the version of Cisco
Prime Data Center Network Manager (DCNM) installed on the remote host
is affected by multiple vulnerabilities :

- Multiple remote command execution vulnerabilities exist
in the DCNM-SAN Server component. (CVE-2013-5486)

- An information disclosure vulnerability exists in the
DCNM-SAN Server component that could allow attackers to
view arbitrary files on the system. (CVE-2013-5487)

- An XML external entity injection vulnerability exists
that could allow an attacker to access arbitrary text
files on the system with root privileges.
(CVE-2013-5490)

See also :

http://www.zerodayinitiative.com/advisories/ZDI-13-254/
http://www.zerodayinitiative.com/advisories/ZDI-13-255/
http://www.zerodayinitiative.com/advisories/ZDI-13-256/
http://www.nessus.org/u?cdbea5b4

Solution :

Upgrade to Cisco Prime Data Center Network Manager 6.2(1) or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 70167

Bugtraq ID: 62483
62484
62485

CVE ID: CVE-2013-5486
CVE-2013-5487
CVE-2013-5490