Cisco Prime Data Center Network Manager RMI Remote Code Execution (uncredentialed check)
Critical Nessus Plugin ID 67247
SynopsisA network management system installed on the remote host is affected by a remote code execution vulnerability.
DescriptionAccording to its self-reported version number, the version of Cisco Prime Data Center Network Manager (DCNM) installed on the remote host is affected by a remote code execution vulnerability. Unauthorized users have access to the JBoss Application Server Remote Method Invocation services. A remote, unauthenticated attacker could exploit this to execute arbitrary code as SYSTEM (on Windows) or root (on Linux).
This plugin determines if DCNM is vulnerable by checking the version number displayed in the web interface. The web interface is not available in older versions of DCNM.
SolutionUpgrade to Cisco Prime Data Center Network Manager 6.1(2) or later.