Security bypass in Cisco Prime Data Center Network Manager - CVE-2017-6639
Published: June 12, 2017
Vulnerability identifier: #VU7008
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2017-6639
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Prime Data Center Network Manager
Cisco Prime Data Center Network Manager
Detailed vulnerability description
The vulnerability allows a remote unauthenticated attacker to obtain potentially sensitive information or execute arbitrary code on the target system.
The weakness exists in the role-based access control (RBAC) functionality of Cisco Prime Data Center Network Manager (DCNM) due to the lack of authentication and authorization mechanisms for a debugging tool. A remote attacker can connect to the debugging tool via TCP and access sensitive information about the affected software or execute arbitrary code with root privileges.
Successful exploitation of the vulnerability may result in system compromise.
The weakness exists in the role-based access control (RBAC) functionality of Cisco Prime Data Center Network Manager (DCNM) due to the lack of authentication and authorization mechanisms for a debugging tool. A remote attacker can connect to the debugging tool via TCP and access sensitive information about the affected software or execute arbitrary code with root privileges.
Successful exploitation of the vulnerability may result in system compromise.
How to mitigate CVE-2017-6639
Install update from vendor's website.