CVE ID | CVE-2013-5486 |
CVSS SCORE | 10.0, AV:N/AC:L/Au:N/C:C/I:C/A:C |
AFFECTED VENDORS |
Cisco |
AFFECTED PRODUCTS |
Data Center Network Manager |
VULNERABILITY DETAILS |
The specific flaw exists within the processImageSave_jsp servlet which contains an arbitrary file creation vulnerability. When the 'mode' argument of a GET request is set to 'save', a remote attacker can specify other arguments that allow for control of the data and location of the file. A remote attacker can abuse this to execute remote code under the context of the SYSTEM user. |
ADDITIONAL DETAILS |
Cisco has issued an update to correct this vulnerability. More details can be found at:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130918-dcnm |
DISCLOSURE TIMELINE |
|
CREDIT | Andrea Micalizzi aka rgod |