Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

 HTTP:CISCO:CISCO-DCNM-FUPLD

Severity

 Major

Recommended

 No

Category

 HTTP

Keywords

 Cisco Prime Data Center Network Manager fileUpload Arbitrary File Upload

Release Date

 2019/07/11

Update Number

 3188

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: Cisco Prime Data Center Network Manager fileUpload Arbitrary File Upload


This signature detects attempts to exploit a known vulnerability in the Cisco DCNM. A successful attack can lead to arbitrary file uploads resulting in Remote Code Execution.

Extended Description

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to upload arbitrary files on an affected device. The vulnerability is due to incorrect permission settings in affected DCNM software. An attacker could exploit this vulnerability by uploading specially crafted data to the affected device. A successful exploit could allow the attacker to write arbitrary files on the filesystem and execute code with root privileges on the affected device.

Affected Products

  • Cisco data_center_network_manager 11.0(1)

References

  • BugTraq: 108906
  • CVE: CVE-2019-1620
  • URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190626-dcnm-codex

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out