CVE-2012-5417

Cisco Prime Data Center Network Manager (DCNM) before 6.1(1) does not properly restrict access to certain JBoss MainDeployer functionality, which allows remote attackers to execute arbitrary commands via JBoss Application Server Remote Method Invocation (RMI) services, aka Bug ID CSCtz44924.

Published: Nov 2, 2012
Updated: Apr 13, 2023
CVE: CVE-2012-5417
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
cisco / prime_data_center_network_manager	5.0(3)	5.0(3).x
cisco / prime_data_center_network_manager	6.1(1a)	6.1(1a).x
cisco / prime_data_center_network_manager	5.2(2a)	5.2(2a).x
cisco / prime_data_center_network_manager	4.1(3)	4.1(3).x
cisco / prime_data_center_network_manager	5.1(1)	5.1(1).x
cisco / prime_data_center_network_manager	4.1(2)	4.1(2).x
cisco / prime_data_center_network_manager	5.2(2e)	5.2(2e).x
cisco / prime_data_center_network_manager	5.2(2)	5.2(2).x
cisco / prime_data_center_network_manager	6.1(1b)	6.1(1b).x
cisco / prime_data_center_network_manager	5.2(2b)	5.2(2b).x
cisco / prime_data_center_network_manager	5.1(2)	5.1(2).x
cisco / prime_data_center_network_manager	5.2(2c)	5.2(2c).x
cisco / prime_data_center_network_manager	4.1(5)	4.1(5).x
cisco / prime_data_center_network_manager	5.1(3u)	5.1(3u).x
cisco / prime_data_center_network_manager	4.2(3)	4.2(3).x
cisco / prime_data_center_network_manager	5.0(2)	5.0(2).x
cisco / prime_data_center_network_manager	4.2(1)	4.2(1).x
cisco / prime_data_center_network_manager	4.1(4)	4.1(4).x

Vulnerability Database

289,697

CVE-2012-5417