Details of VAR-201309-0452

ID

VAR-201309-0452

CVE

CVE-2013-5486

TITLE

Cisco Prime Data Center Network Manager Multiple Remote Command Execution Vulnerabilities

Trust: 0.9

sources: BID: 62484 // CNNVD: CNNVD-201309-371

DESCRIPTION

Directory traversal vulnerability in processImageSave.jsp in DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to write arbitrary files via the chartid parameter, aka Bug IDs CSCue77035 and CSCue77036. NOTE: this can be leveraged to execute arbitrary commands by using the JBoss autodeploy functionality. Vendors have confirmed this vulnerability Bug ID CSCue77035 and CSCue77036 It is released as. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processImageSave_jsp servlet which contains an arbitrary file creation vulnerability. When the 'mode' argument of a GET request is set to 'save', a remote attacker can specify other arguments that allow for control of the data and location of the file. A remote attacker can abuse this to execute remote code under the context of the SYSTEM user. Multiple arguments of a multipart form request are vulnerable to directory traversal attacks. These issues are tracked by Cisco Bug IDs CSCue77035 and CSCue77036. The manager provides multi-protocol management of the network and provides troubleshooting capabilities for switch health and performance. These vulnerabilities are caused by the program not adequately filtering the data submitted by users. Successful exploitation could result in complete control of the system

Trust: 3.24

sources: NVD: CVE-2013-5486 // JVNDB: JVNDB-2013-004277 // ZDI: ZDI-13-254 // ZDI: ZDI-13-255 // BID: 62484 // VULHUB: VHN-65488

AFFECTED PRODUCTS

vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	4.2\(3\)	Trust: 1.6
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	6.1\(1a\)	Trust: 1.6
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	4.1\(4\)	Trust: 1.6
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	4.1\(3\)	Trust: 1.6
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	5.2\(2\)	Trust: 1.6
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	4.1\(5\)	Trust: 1.6
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	6.1\(1b\)	Trust: 1.6
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	4.2\(1\)	Trust: 1.6
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	4.1\(2\)	Trust: 1.6
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	5.2\(2e\)	Trust: 1.6
vendor:	cisco	model:	data center network manager	scope:	-	version:	-	Trust: 1.4
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	5.2\(2a\)	Trust: 1.0
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	5.1\(2\)	Trust: 1.0
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	5.1\(1\)	Trust: 1.0
vendor:	cisco	model:	prime data center network manager	scope:	lte	version:	6.1\(1b\)	Trust: 1.0
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	5.0\(3\)	Trust: 1.0
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	5.2\(2c\)	Trust: 1.0
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	5.2\(2b\)	Trust: 1.0
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	5.1\(3u\)	Trust: 1.0
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	5.0\(2\)	Trust: 1.0
vendor:	cisco	model:	prime data center network manager	scope:	lt	version:	6.2(1)	Trust: 0.8

sources: ZDI: ZDI-13-254 // ZDI: ZDI-13-255 // JVNDB: JVNDB-2013-004277 // CNNVD: CNNVD-201309-371 // NVD: CVE-2013-5486

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	CVE-2013-5486
value:	HIGH
Trust: 1.4
nvd@nist.gov:	CVE-2013-5486
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-5486
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201309-371
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-65488
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-5486
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 3.2
VULHUB:	VHN-65488
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: ZDI: ZDI-13-254 // ZDI: ZDI-13-255 // VULHUB: VHN-65488 // JVNDB: JVNDB-2013-004277 // CNNVD: CNNVD-201309-371 // NVD: CVE-2013-5486

PROBLEMTYPE DATA

problemtype:

CWE-78

Trust: 1.9

sources: VULHUB: VHN-65488 // JVNDB: JVNDB-2013-004277 // NVD: CVE-2013-5486

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201309-371

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201309-371

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004277

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-65488

PATCH

title:	cisco-sa-20130918-dcnm	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130918-dcnm	Trust: 2.2
title:	30682	url:	http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=30682	Trust: 0.8
title:	30757	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=30757	Trust: 0.8
title:	cisco-sa-20130918-dcnm	url:	http://www.cisco.com/cisco/web/support/JP/111/1119/1119892_cisco-sa-20130918-dcnm-j.html	Trust: 0.8

sources: ZDI: ZDI-13-254 // ZDI: ZDI-13-255 // JVNDB: JVNDB-2013-004277

EXTERNAL IDS

db:	NVD	id:	CVE-2013-5486	Trust: 4.2
db:	EXPLOIT-DB	id:	30008	Trust: 1.1
db:	BID	id:	62484	Trust: 1.0
db:	JVNDB	id:	JVNDB-2013-004277	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-1766	Trust: 0.7
db:	ZDI	id:	ZDI-13-254	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-1767	Trust: 0.7
db:	ZDI	id:	ZDI-13-255	Trust: 0.7
db:	CISCO	id:	20130918 MULTIPLE VULNERABILITIES IN CISCO PRIME DATA CENTER NETWORK MANAGER	Trust: 0.6
db:	CNNVD	id:	CNNVD-201309-371	Trust: 0.6
db:	SEEBUG	id:	SSVID-83476	Trust: 0.1
db:	PACKETSTORM	id:	124245	Trust: 0.1
db:	VULHUB	id:	VHN-65488	Trust: 0.1

sources: ZDI: ZDI-13-254 // ZDI: ZDI-13-255 // VULHUB: VHN-65488 // BID: 62484 // JVNDB: JVNDB-2013-004277 // CNNVD: CNNVD-201309-371 // NVD: CVE-2013-5486

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130918-dcnm	Trust: 3.1
url:	http://www.exploit-db.com/exploits/30008	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5486	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5486	Trust: 0.8
url:	http://www.securityfocus.com/bid/62484	Trust: 0.6

sources: ZDI: ZDI-13-254 // ZDI: ZDI-13-255 // VULHUB: VHN-65488 // JVNDB: JVNDB-2013-004277 // CNNVD: CNNVD-201309-371 // NVD: CVE-2013-5486

CREDITS

Andrea Micalizzi aka rgod

Trust: 1.4

sources: ZDI: ZDI-13-254 // ZDI: ZDI-13-255

SOURCES

db:	ZDI	id:	ZDI-13-254
db:	ZDI	id:	ZDI-13-255
db:	VULHUB	id:	VHN-65488
db:	BID	id:	62484
db:	JVNDB	id:	JVNDB-2013-004277
db:	CNNVD	id:	CNNVD-201309-371
db:	NVD	id:	CVE-2013-5486

LAST UPDATE DATE

2024-11-23T22:08:29.517000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-13-254	date:	2013-11-24T00:00:00
db:	ZDI	id:	ZDI-13-255	date:	2013-11-24T00:00:00
db:	VULHUB	id:	VHN-65488	date:	2016-09-16T00:00:00
db:	BID	id:	62484	date:	2013-12-10T00:46:00
db:	JVNDB	id:	JVNDB-2013-004277	date:	2014-02-26T00:00:00
db:	CNNVD	id:	CNNVD-201309-371	date:	2013-10-08T00:00:00
db:	NVD	id:	CVE-2013-5486	date:	2024-11-21T01:57:34.113

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-13-254	date:	2013-11-24T00:00:00
db:	ZDI	id:	ZDI-13-255	date:	2013-11-24T00:00:00
db:	VULHUB	id:	VHN-65488	date:	2013-09-23T00:00:00
db:	BID	id:	62484	date:	2013-09-18T00:00:00
db:	JVNDB	id:	JVNDB-2013-004277	date:	2013-09-25T00:00:00
db:	CNNVD	id:	CNNVD-201309-371	date:	2013-09-24T00:00:00
db:	NVD	id:	CVE-2013-5486	date:	2013-09-23T10:18:59.157