CVE-2015-0666

Published Apr 3, 2015

Last updated 2 months ago

Exploit known CVSS info 7.8

Overview

Description: Directory traversal vulnerability in the fmserver servlet in Cisco Prime Data Center Network Manager (DCNM) before 7.1(1) allows remote attackers to read arbitrary files via a crafted pathname, aka Bug ID CSCus00241.
Source: ykramarz@cisco.com
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.8
Impact score: 6.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:N/A:N

Known exploits

Data from CISA

Vulnerability name: Cisco Prime Data Center Network Manager (DCNM) Directory Traversal Vulnerability
Exploit added on: Mar 25, 2022
Exploit action due: Apr 15, 2022
Required action: Apply updates per vendor instructions.

Weaknesses

nvd@nist.gov: CWE-22

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7BB2EE71-CB83-440B-8AFF-52E71B97F136",
            "versionEndIncluding": "7.0\\(2\\)"
          },
          {
            "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:6.3\\(1\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3918F70A-ECDC-4DC2-B8B1-9520D71FB869"
          },
          {
            "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:6.3\\(2\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "37ADE3EF-35D8-4F7C-8119-7D541A0E68B7"
          },
          {
            "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:7.0\\(1\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1D80A701-8682-4F87-98ED-43ED91870D08"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Known exploits

Weaknesses

Social media

Configurations

References