ID

VAR-201309-0430


CVE

CVE-2013-5490


TITLE

Cisco Prime Data Center Network Manager vulnerable to arbitrary text file reads

Trust: 0.8

sources: JVNDB: JVNDB-2013-004279

DESCRIPTION

Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to read arbitrary text files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCud80148. An attacker can exploit this issue to gain access to arbitrary text files on the underlying operating system with root privileges. Information obtained may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCud80148. DCNM provides multi-protocol management of the network and troubleshooting capabilities for switch health and performance.

Trust: 1.98

sources: NVD: CVE-2013-5490 // JVNDB: JVNDB-2013-004279 // BID: 62485 // VULHUB: VHN-65492

AFFECTED PRODUCTS

vendor: cisco, model: prime data center network manager, scope: eq, version: 4.2(3)

Trust: 1.6

vendor: cisco, model: prime data center network manager, scope: eq, version: 5.0(3)

Trust: 1.6

vendor: cisco, model: prime data center network manager, scope: eq, version: 5.1(3u)

Trust: 1.6

vendor: cisco, model: prime data center network manager, scope: eq, version: 5.1(1)

Trust: 1.6

vendor: cisco, model: prime data center network manager, scope: eq, version: 5.0(2)

Trust: 1.6

vendor: cisco, model: prime data center network manager, scope: eq, version: 4.1(4)

Trust: 1.6

vendor: cisco, model: prime data center network manager, scope: eq, version: 5.1(2)

Trust: 1.6

vendor: cisco, model: prime data center network manager, scope: eq, version: 5.2(2)

Trust: 1.6

vendor: cisco, model: prime data center network manager, scope: eq, version: 4.1(5)

Trust: 1.6

vendor: cisco, model: prime data center network manager, scope: eq, version: 4.2(1)

Trust: 1.6

vendor: cisco, model: prime data center network manager, scope: eq, version: 4.1(2)

Trust: 1.0

vendor: cisco, model: prime data center network manager, scope: eq, version: 5.2(2a)

Trust: 1.0

vendor: cisco, model: prime data center network manager, scope: eq, version: 5.2(2e)

Trust: 1.0

vendor: cisco, model: prime data center network manager, scope: lte, version: 6.1(1b)

Trust: 1.0

vendor: cisco, model: prime data center network manager, scope: eq, version: 6.1(1a)

Trust: 1.0

vendor: cisco, model: prime data center network manager, scope: eq, version: 5.2(2b)

Trust: 1.0

vendor: cisco, model: prime data center network manager, scope: eq, version: 4.1(3)

Trust: 1.0

vendor: cisco, model: prime data center network manager, scope: eq, version: 6.1(1b)

Trust: 1.0

vendor: cisco, model: prime data center network manager, scope: eq, version: 5.2(2c)

Trust: 1.0

vendor: cisco, model: prime data center network manager, scope: lt, version: 6.2(1)

Trust: 0.8

sources: JVNDB: JVNDB-2013-004279 // CNNVD: CNNVD-201309-372 // NVD: CVE-2013-5490

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-5490
value: HIGH

Trust: 1.0

NVD: CVE-2013-5490
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201309-372
value: HIGH

Trust: 0.6

VULHUB: VHN-65492
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-5490
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-65492
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-65492 // JVNDB: JVNDB-2013-004279 // CNNVD: CNNVD-201309-372 // NVD: CVE-2013-5490

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-65492 // JVNDB: JVNDB-2013-004279 // NVD: CVE-2013-5490

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201309-372

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201309-372

CONFIGURATIONS

[
  {
    "CVE_data_version": "4.0",
    "nodes": [
      {
        "operator": "OR",
        "cpe_match": [
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/a:cisco:prime_data_center_network_manager"
          }
        ]
      }
    ]
  }
]

sources: JVNDB: JVNDB-2013-004279

PATCH

title: 30682, url: http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=30682

Trust: 0.8

title: cisco-sa-20130918-dcnm, url: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130918-dcnm

Trust: 0.8

title: 30758, url: http://tools.cisco.com/security/center/viewAlert.x?alertId=30758

Trust: 0.8

title: cisco-sa-20130918-dcnm, url: http://www.cisco.com/cisco/web/support/JP/111/1119/1119892_cisco-sa-20130918-dcnm-j.html

Trust: 0.8

sources: JVNDB: JVNDB-2013-004279

EXTERNAL IDS

db: NVD, id: CVE-2013-5490

Trust: 2.8

db: BID, id: 62485

Trust: 2.0

db: JVNDB, id: JVNDB-2013-004279

Trust: 0.8

db: CNNVD, id: CNNVD-201309-372

Trust: 0.7

db: CISCO, id: 20130918 MULTIPLE VULNERABILITIES IN CISCO PRIME DATA CENTER NETWORK MANAGER

Trust: 0.6

db: VULHUB, id: VHN-65492

Trust: 0.1

sources: VULHUB: VHN-65492 // BID: 62485 // JVNDB: JVNDB-2013-004279 // CNNVD: CNNVD-201309-372 // NVD: CVE-2013-5490

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130918-dcnm

Trust: 2.0

url:http://www.securityfocus.com/bid/62485

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/87191

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5490

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5490

Trust: 0.8

url:http://www.cisco.com/en/us/products/ps9369/index.html

Trust: 0.3

url:http://tools.cisco.com/security/center/viewalert.x?alertid=30758

Trust: 0.3

sources: VULHUB: VHN-65492 // BID: 62485 // JVNDB: JVNDB-2013-004279 // CNNVD: CNNVD-201309-372 // NVD: CVE-2013-5490

CREDITS

Ben Williams of NCC Group

Trust: 0.9

sources: BID: 62485 // CNNVD: CNNVD-201309-372

SOURCES

db: VULHUB, id: VHN-65492
db: BID, id: 62485
db: JVNDB, id: JVNDB-2013-004279
db: CNNVD, id: CNNVD-201309-372
db: NVD, id: CVE-2013-5490

LAST UPDATE DATE

2024-11-23T22:08:29.484000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-65492, date: 2017-08-29T00:00:00
db: BID, id: 62485, date: 2013-09-18T00:00:00
db: JVNDB, id: JVNDB-2013-004279, date: 2013-09-25T00:00:00
db: CNNVD, id: CNNVD-201309-372, date: 2013-09-24T00:00:00
db: NVD, id: CVE-2013-5490, date: 2024-11-21T01:57:34.620

SOURCES RELEASE DATE

db: VULHUB, id: VHN-65492, date: 2013-09-23T00:00:00
db: BID, id: 62485, date: 2013-09-18T00:00:00
db: JVNDB, id: JVNDB-2013-004279, date: 2013-09-25T00:00:00
db: CNNVD, id: CNNVD-201309-372, date: 2013-09-24T00:00:00
db: NVD, id: CVE-2013-5490, date: 2013-09-23T10:18:59.190