Details of VAR-201309-0453

ID

VAR-201309-0453

CVE

CVE-2013-5487

TITLE

Cisco Prime Data Center Network Manager of DCNM-SAN Vulnerability to read arbitrary files on server

Trust: 0.8

sources: JVNDB: JVNDB-2013-004278

DESCRIPTION

DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to read arbitrary files via unspecified vectors, aka Bug ID CSCue77029. Vendors have confirmed this vulnerability Bug ID CSCue77029 It is released as.A third party may be able to read arbitrary files. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DownloadServlet. Without prior authentication, an attacker could invoke the DownloadServlet to disclose an arbitrary file from the file system. With this information, a remote attacker could abuse this to execute arbitrary code against the target server. Successfully exploiting this issue may allow an attacker to gain access to certain arbitrary files. Information obtained may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCue77029. The manager provides multi-protocol management of the network and provides troubleshooting capabilities for switch health and performance

Trust: 2.61

sources: NVD: CVE-2013-5487 // JVNDB: JVNDB-2013-004278 // ZDI: ZDI-13-256 // BID: 62483 // VULHUB: VHN-65489

AFFECTED PRODUCTS

vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	6.1\(1a\)	Trust: 1.6
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	4.1\(4\)	Trust: 1.6
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	4.1\(3\)	Trust: 1.6
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	5.2\(2c\)	Trust: 1.6
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	6.1\(1b\)	Trust: 1.6
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	4.1\(2\)	Trust: 1.6
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	5.2\(2e\)	Trust: 1.6
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	4.1\(5\)	Trust: 1.0
vendor:	cisco	model:	prime data center network manager	scope:	lte	version:	6.1\(1b\)	Trust: 1.0
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	5.2\(2a\)	Trust: 1.0
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	4.2\(3\)	Trust: 1.0
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	5.2\(2b\)	Trust: 1.0
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	5.2\(2\)	Trust: 1.0
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	5.0\(3\)	Trust: 1.0
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	5.1\(2\)	Trust: 1.0
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	4.2\(1\)	Trust: 1.0
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	5.0\(2\)	Trust: 1.0
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	5.1\(1\)	Trust: 1.0
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	5.1\(3u\)	Trust: 1.0
vendor:	cisco	model:	prime data center network manager	scope:	lt	version:	6.2(1)	Trust: 0.8
vendor:	cisco	model:	data center network manager	scope:	-	version:	-	Trust: 0.7

sources: ZDI: ZDI-13-256 // JVNDB: JVNDB-2013-004278 // CNNVD: CNNVD-201309-370 // NVD: CVE-2013-5487

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-5487
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-5487
value:	HIGH
Trust: 0.8
ZDI:	CVE-2013-5487
value:	MEDIUM
Trust: 0.7
CNNVD:	CNNVD-201309-370
value:	HIGH
Trust: 0.6
VULHUB:	VHN-65489
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-5487
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
ZDI:	CVE-2013-5487
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.7
VULHUB:	VHN-65489
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: ZDI: ZDI-13-256 // VULHUB: VHN-65489 // JVNDB: JVNDB-2013-004278 // CNNVD: CNNVD-201309-370 // NVD: CVE-2013-5487

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-65489 // JVNDB: JVNDB-2013-004278 // NVD: CVE-2013-5487

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201309-370

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201309-370

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004278

PATCH

title:	cisco-sa-20130918-dcnm	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130918-dcnm	Trust: 1.5
title:	30682	url:	http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=30682	Trust: 0.8
title:	30756	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=30756	Trust: 0.8
title:	cisco-sa-20130918-dcnm	url:	http://www.cisco.com/cisco/web/support/JP/111/1119/1119892_cisco-sa-20130918-dcnm-j.html	Trust: 0.8

sources: ZDI: ZDI-13-256 // JVNDB: JVNDB-2013-004278

EXTERNAL IDS

db:	NVD	id:	CVE-2013-5487	Trust: 3.5
db:	BID	id:	62483	Trust: 1.0
db:	JVNDB	id:	JVNDB-2013-004278	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-1768	Trust: 0.7
db:	ZDI	id:	ZDI-13-256	Trust: 0.7
db:	CISCO	id:	20130918 MULTIPLE VULNERABILITIES IN CISCO PRIME DATA CENTER NETWORK MANAGER	Trust: 0.6
db:	CNNVD	id:	CNNVD-201309-370	Trust: 0.6
db:	VULHUB	id:	VHN-65489	Trust: 0.1

sources: ZDI: ZDI-13-256 // VULHUB: VHN-65489 // BID: 62483 // JVNDB: JVNDB-2013-004278 // CNNVD: CNNVD-201309-370 // NVD: CVE-2013-5487

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130918-dcnm	Trust: 2.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5487	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5487	Trust: 0.8
url:	http://www.securityfocus.com/bid/62483	Trust: 0.6

sources: ZDI: ZDI-13-256 // VULHUB: VHN-65489 // JVNDB: JVNDB-2013-004278 // CNNVD: CNNVD-201309-370 // NVD: CVE-2013-5487

CREDITS

Andrea Micalizzi aka rgod

Trust: 0.7

sources: ZDI: ZDI-13-256

SOURCES

db:	ZDI	id:	ZDI-13-256
db:	VULHUB	id:	VHN-65489
db:	BID	id:	62483
db:	JVNDB	id:	JVNDB-2013-004278
db:	CNNVD	id:	CNNVD-201309-370
db:	NVD	id:	CVE-2013-5487

LAST UPDATE DATE

2025-04-11T23:05:35.609000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-13-256	date:	2013-11-24T00:00:00
db:	VULHUB	id:	VHN-65489	date:	2013-09-23T00:00:00
db:	BID	id:	62483	date:	2013-11-27T00:24:00
db:	JVNDB	id:	JVNDB-2013-004278	date:	2013-09-25T00:00:00
db:	CNNVD	id:	CNNVD-201309-370	date:	2013-09-24T00:00:00
db:	NVD	id:	CVE-2013-5487	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-13-256	date:	2013-11-24T00:00:00
db:	VULHUB	id:	VHN-65489	date:	2013-09-23T00:00:00
db:	BID	id:	62483	date:	2013-09-18T00:00:00
db:	JVNDB	id:	JVNDB-2013-004278	date:	2013-09-25T00:00:00
db:	CNNVD	id:	CNNVD-201309-370	date:	2013-09-24T00:00:00
db:	NVD	id:	CVE-2013-5487	date:	2013-09-23T10:18:59.173