SB2018082903 - Path traversal in Cisco Data Center Network Manager
Published: August 29, 2018
Description
This security bulletin contains information about 1 vulnerability.
1) Path traversal (CVE-ID: CVE-2018-0464)
CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote authenticated attacker to conduct a path traversal attack on the target system.
The vulnerability exists due to improper validation of user requests within the management interface. A remote attacker can send malicious requests containing directory traversal character sequences to the management interface and view or create arbitrary files on the targeted system.
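The kind of request validation whose absence CWE-22 describes, shown as an added example (not Cisco's code and not part of the original bulletin): a requested file name is canonicalized and accepted only if it stays inside a base directory, for reads and for file creation alike. The function names, the `uploads` directory and the sample request names are constructed assumptions.

```python
import os
import tempfile
from urllib.parse import unquote


class TraversalError(ValueError):
    """The requested name resolves outside the permitted base directory."""


def resolve_inside(base_dir: str, requested: str) -> str:
    """Return the canonical path for `requested`, or raise if it leaves base_dir.
    Also works for files that do not exist yet, so it covers file creation."""
    decoded = requested
    for _ in range(3):  # decode repeatedly so %252e%252e%252f is seen as ../
        step = unquote(decoded)
        if step == decoded:
            break
        decoded = step
    if "\x00" in decoded:
        raise TraversalError("NUL byte in path")
    decoded = decoded.replace("\\", "/")  # treat Windows separators as separators
    base = os.path.realpath(base_dir)
    # realpath collapses ".." and follows symlinks. An absolute `decoded`
    # replaces `base` in join(), and the containment test then rejects it.
    candidate = os.path.realpath(os.path.join(base, decoded))
    if os.path.commonpath([base, candidate]) != base:
        raise TraversalError(f"{requested!r} resolves outside {base}")
    return candidate


def is_allowed(base_dir: str, requested: str) -> bool:
    try:
        resolve_inside(base_dir, requested)
        return True
    except TraversalError:
        return False


def demo() -> dict:
    """Check constructed request names against a throwaway base directory."""
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "uploads")  # hypothetical file root
        os.mkdir(base)
        os.symlink(root, os.path.join(base, "link"))  # symlink leaving base
        samples = ["report.txt", "sub/new.cfg", "../secret", "%2e%2e%2fsecret",
                   "%252e%252e%252fsecret", "..\\secret", "/etc/passwd",
                   "link/secret"]
        return {name: is_allowed(base, name) for name in samples}
```

The caller has to open the canonical path that `resolve_inside` returns, not the original request string, or the check and the file access can disagree.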
Remediation
Install the update from the vendor's website.