Cisco Data Center Network Manager is prone to a directory-traversal vulnerability.
A remote attacker could exploit the vulnerability using directory-traversal characters ('../') to access arbitrary files that contain sensitive information.
This issue is being tracked by Cisco Bug ID CSCvj86072.
Information
Bugtraq ID: 105159Class: Input Validation Error
CVE: CVE-2018-0464
Remote: Yes
Local: No
Published: Aug 28 2018 12:00AM
Updated: Aug 28 2018 12:00AM
Credit: Tenable, Inc.
Vulnerable: Cisco Prime Data Center Network Manager (DCNM) 7.1(1)
Cisco Prime Data Center Network Manager (DCNM) 7.0(2)
Cisco Prime Data Center Network Manager (DCNM) 7.0(1)
Cisco Prime Data Center Network Manager (DCNM) 6.3(2)
Cisco Prime Data Center Network Manager (DCNM) 6.3(1)
Cisco Prime Data Center Network Manager (DCNM) 10.3(1)
Cisco Prime Data Center Network Manager (DCNM) 10.2
Cisco Prime Data Center Network Manager (DCNM) 10.1
Cisco Prime Data Center Network Manager (DCNM) 10.0
Not Vulnerable: Cisco Data Center Network Manager (DCNM) 11.0(1)
Exploit
An attacker can exploit this issue using a web browser.
References: