Role-Based Access Control Flaw in Cisco Prime Data Center Network Manager
CVE-2017-6639

9.8CRITICAL

Key Information:

Vendor
Cisco
Status
Cisco Prime Data Center Network Manager Debug Remote Code Execution Vulnerability
Vendor
CVE Published:
8 June 2017

Summary

A significant vulnerability in Cisco Prime Data Center Network Manager's RBAC functionality enables unauthenticated remote attackers to access sensitive information and execute arbitrary code with root privileges. This issue arises from the presence of a debugging tool that lacks proper authentication and authorization mechanisms, which was mistakenly left enabled. Exploitation of this vulnerability allows an attacker to remotely connect to the debugging tool via TCP, potentially compromising system integrity and confidentiality.

Affected Version(s)

Cisco Prime Data Center Network Manager Debug Remote Code Execution Vulnerability Cisco Prime Data Center Network Manager Debug Remote Code Execution Vulnerability

References

http://www.securitytracker.com/id/1038626
vdb-entryx_refsource_SECTRACK
https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/98935
vdb-entryx_refsource_BID

EPSS Score

52% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.