CVE-2015-0666

Directory traversal vulnerability in the fmserver servlet in Cisco Prime Data Center Network Manager (DCNM) before 7.1(1) allows remote attackers to read arbitrary files via a crafted pathname, aka Bug ID CSCus00241.

Published: Apr 3, 2015
Updated: Apr 13, 2023
CVE: CVE-2015-0666
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.8
AV:N/AC:L/Au:N/C:C/I:N/A:N

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
cisco / prime_data_center_network_manager	6.3(1)	6.3(1).x
cisco / prime_data_center_network_manager	6.3(2)	6.3(2).x
cisco / prime_data_center_network_manager	7.0(1)	7.0(1).x
cisco / prime_data_center_network_manager	-	7.0\(2\).x

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-dcnm
http://www.securitytracker.com/id/1032009

Vulnerability Database

289,599

CVE-2015-0666