Posts

Cisco Prime DCNM Information Disclosure (Jan 3, 2014)

Cisco Unified Fabric is a data center architecture which provides connectivity and unifies storage, data networking and network services. Cisco Prime Data Center Network Manager (DCNM) is a set of tools to implement, visualize, and manage Cisco Unified Fabric. DCNM incorporates JBoss for its custom web applications, including a Java servlet named “/downloadServlet”.

An information disclosure vulnerability exists in Cisco Prime DCNM. The vulnerability is due to 1. there is no authentication for accessing “/downloadServlet” and 2. the servlet lacks input validation of HTTP requests. In an attack scenario, a remote attacker can leverage this vulnerability to download any file form the server.

The vulnerability has been assigned as CVE-2013-5487.

Dell SonicWALL has released an IPS signature to detect and block specific exploitation attempts targeting this vulnerability. The signature is listed below:

  • 5345 Cisco Prime Data Center Network Manager Information Disclosure