Cisco Data Center Network Manager CVE-2018-0464 Directory Traversal Vulnerability

Cisco Data Center Network Manager is prone to a directory-traversal vulnerability.

A remote attacker could exploit the vulnerability using directory-traversal characters ('../') to access arbitrary files that contain sensitive information.

This issue is being tracked by Cisco Bug ID CSCvj86072.

Information

Bugtraq ID: 105159
Class: Input Validation Error
CVE: CVE-2018-0464

Remote: Yes
Local: No
Published: Aug 28 2018 12:00AM
Updated: Aug 28 2018 12:00AM
Credit: Tenable, Inc.
Vulnerable: Cisco Prime Data Center Network Manager (DCNM) 7.1(1)
Cisco Prime Data Center Network Manager (DCNM) 7.0(2)
Cisco Prime Data Center Network Manager (DCNM) 7.0(1)
Cisco Prime Data Center Network Manager (DCNM) 6.3(2)
Cisco Prime Data Center Network Manager (DCNM) 6.3(1)
Cisco Prime Data Center Network Manager (DCNM) 10.3(1)
Cisco Prime Data Center Network Manager (DCNM) 10.2
Cisco Prime Data Center Network Manager (DCNM) 10.1
Cisco Prime Data Center Network Manager (DCNM) 10.0

Not Vulnerable: Cisco Data Center Network Manager (DCNM) 11.0(1)

Exploit

An attacker can exploit this issue using a web browser.

References:

Cisco Homepage (Cisco )
cisco-sa-20180828-dcnm-traversal: Cisco Data Center Network Manager Path Traver (Cisco)

Source: www.securityfocus.com

Exploit Collector

Search Exploit