Cisco Prime DCNM File Information Disclosure Vulnerability - 20230117002
Overview
Cisco Prime Data Center Network Manager (DCNM) contains a vulnerability in its fmserver servlet that could allow an unauthenticated, remote attacker to retrieve arbitrary files from the filesystem.
An attacker could exploit this vulnerability by executing a directory traversal attack on an affected system to disclose arbitrary file contents on the underlying operating system that hosts the Cisco Prime DCNM application.
What is the vulnerability?
CVE-2015-0666 - CVSS Score 7.8
What is vulnerable?
Cisco Prime DCNM releases 6.3(1) and later, prior to release 7.1(1), for both the Microsoft Windows and Linux platforms, are affected by this vulnerability.
Cisco's advisory, linked under Recommendation below, includes notes on how to determine which Cisco Prime DCNM release is running.
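The affected range above expressed as an inventory check, added here as an example and not taken from Cisco or the WA SOC: it parses release strings of the form `major.minor(maintenance)` and flags those from 6.3(1) up to but excluding 7.1(1). The hostnames and sample releases are constructed, and the function names are hypothetical.

```python
import re

# Affected range as stated in the advisory: 6.3(1) and later, prior to 7.1(1).
FIRST_AFFECTED = (6, 3, 1, "")
FIRST_FIXED = (7, 1, 1, "")

# Matches e.g. "7.0(2)" or "6.3(2a)" (optional rebuild letter after the maintenance number).
_RELEASE = re.compile(r"^\s*(\d+)\.(\d+)\((\d+)([a-z]?)\)\s*$", re.IGNORECASE)


def parse_release(text):
    """Turn '7.0(2)' or '6.3(2a)' into a sortable tuple; None if unrecognised."""
    m = _RELEASE.match(text)
    if not m:
        return None
    major, minor, maint, suffix = m.groups()
    return (int(major), int(minor), int(maint), suffix.lower())


def is_affected(text):
    """True/False for a parsed release, None when the string needs manual review."""
    release = parse_release(text)
    if release is None:
        return None
    return FIRST_AFFECTED <= release < FIRST_FIXED


def triage(inventory):
    """Split {host: release} into affected, not_affected and unknown host lists."""
    result = {"affected": [], "not_affected": [], "unknown": []}
    for host, release in sorted(inventory.items()):
        verdict = is_affected(release)
        key = "unknown" if verdict is None else ("affected" if verdict else "not_affected")
        result[key].append(host)
    return result


# Constructed sample inventory (hostnames and releases are made up for illustration).
SAMPLE = {
    "dcnm-lab-01": "6.3(1)",
    "dcnm-lab-02": "7.0(2)",
    "dcnm-lab-03": "7.1(1)",
    "dcnm-lab-04": "6.2(5a)",
    "dcnm-lab-05": "unknown build",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(status, hosts)
```

Hosts that land in `unknown` have a release string the parser does not recognise and should be checked by hand using the vendor's notes.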
Recommendation
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-dcnm