CVE-2015-0666


CVSS 7.5 HIGH · EPSS 40.6% · KEV · CWE-22
Vexday Risk Score
63 · High priority
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 7.5 · EPSS 40.6% · KEV yes · PoC · Nuclei · Metasploit · Patch referenced
Lifecycle
03 Apr 2015: Published on NVD
25 Mar 2022: Active exploitation (CISA KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short

A flaw in Cisco Prime DCNM allows attackers to read any file on the server by using specially crafted file paths. This is dangerous because sensitive information like configuration files or passwords could be exposed.

Technical detail

Directory traversal vulnerability in the fmserver servlet permits unauthenticated remote attackers to bypass path validation and access arbitrary files on the system via manipulated pathname parameters. Exploitation requires network access to the vulnerable servlet and affects Cisco Prime DCNM versions prior to 7.1(1), potentially exposing sensitive data stored on the server.

Summary generated and translated by AI from the official description.
Directory traversal vulnerability in the fmserver servlet in Cisco Prime Data Center Network Manager (DCNM) before 7.1(1) allows remote attackers to read arbitrary files via a crafted pathname, aka Bug ID CSCus00241.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
n/a · n/a
