Directory Traversal Vulnerability in Cisco Prime Data Center Network Manager
CVE-2015-0666

Currently unrated

Key Information:

Vendor: Cisco
Status: Prime Data Center Network Manager
Vendor: CVE Published:; 3 April 2015

Badges

👾 Exploit Exists🟣 EPSS 77%🦅 CISA Reported

What is CVE-2015-0666?

A directory traversal vulnerability exists in the fmserver servlet of Cisco Prime Data Center Network Manager (DCNM) before version 7.1(1). This flaw allows remote attackers to exploit the system by crafting specific pathnames, enabling unauthorized reading of arbitrary files. Such vulnerabilities pose significant risks as they can potentially lead to the exposure of sensitive data and system configuration. Organizations utilizing this product should review the advisory from Cisco and apply the necessary updates to mitigate potential threats.

CISA has reported CVE-2015-0666

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2015-0666 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply updates per vendor instructions.

References

http://www.securitytracker.com/id/1032009

vdb-entryx_refsource_SECTRACK

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

EPSS Score

77% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Mar 25, 2022
🦅
CISA Reported
Mar 25, 2022
Vulnerability published
Apr 3, 2015
Vulnerability Reserved
Jan 7, 2015