Cisco Prime Data Center Network Manager < 11.0(1) Download Servlet Path Traversal Vulnerability
Medium Nessus Plugin ID 112019
SynopsisA network management system running on the remote host is affected by a path traversal vulnerability.
DescriptionAccording to its self-reported version number, the Cisco Prime Data Center Network Manager (DCNM) installed on the remote host is prior to 11.0(1). It is, therefore, affected by a path traversal vulnerability in the Download servlet. An authenticated, remote attacker can exploit this, via a specially craft HTTP request, to read arbitrary files and create arbitrary directories.
Note that this plugin determines if DCNM is vulnerable by checking the version number displayed in the web interface. However, the web interface is not available in older versions of DCNM.
SolutionUpgrade to Cisco Prime Data Center Network Manager version 11.0(1) or later.