Lucene search
Andrea Micalizzi (rgod)ZDI-15-111HistoryApr 03, 2015 - 12:00 a.m.
Cisco Data Center Network Manager FileServlet Information Disclosure Vulnerability
2015-04-0300:00:00
Andrea Micalizzi (rgod)
www.zerodayinitiative.com
11
EPSS
0.973
Percentile
99.9%
This vulnerability allows remote attackers to read arbitrary files, and bypass authentication, on a system with vulnerable installations of Cisco Data Center Network Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the fmserver servlet which is vulnerable to a directory traversal. An attacker can leverage this vulnerability to read arbitrary files, including operating system files, as the service is installed with SYSTEM privileges by default. An attacker can also bypass webapp authentication because the application writes access tokens to the filesystem, which can be read.
Related
prion
prion
Directory traversal
2015-04-03 10:59:00
attackerkb
attackerkb
CVE-2015-0666
2015-04-03 00:00:00
nvd
nvd
CVE-2015-0666
2015-04-03 10:59:04
cve
cve
CVE-2015-0666
2015-04-03 10:59:04
openvas
openvas
Cisco Data Center Network Manager Directory Traversal Vulnerability
2015-04-14 00:00:00
cisco
cisco
nessus
nessus
securityvulns
securityvulns
Cisco Prime Data Center Network Manager directory traversal
2015-04-09 00:00:00
cvelist
cvelist
CVE-2015-0666
2015-04-03 10:00:00
cisa_kev
cisa_kev