Cisco Prime Data Center Network Manager < 11.0(1) Download Servlet Path Traversal Vulnerability
Medium Nessus Plugin ID 112019
SynopsisA network management system running on the remote host is affected by
a path traversal vulnerability.
DescriptionAccording to its self-reported version number, the Cisco Prime Data
Center Network Manager (DCNM) installed on the remote host is prior
to 11.0(1). It is, therefore, affected by a path traversal
vulnerability in the Download servlet. An authenticated, remote
attacker can exploit this, via a specially craft HTTP request, to
read arbitrary files and create arbitrary directories.
Note that this plugin determines if DCNM is vulnerable by checking the
version number displayed in the web interface. However, the web
interface is not available in older versions of DCNM.
SolutionUpgrade to Cisco Prime Data Center Network Manager version 11.0(1) or