CVE-2013-5486

Name of the Vulnerable Software and Affected Versions Cisco Prime Data Center Network Manager versions prior to 6.2(1)

Description The issue allows remote attackers to write arbitrary files via the chartid parameter in the processImageSave.jsp file. This can be leveraged to execute arbitrary commands by using the JBoss autodeploy functionality.

Recommendations For versions prior to 6.2(1), update to version 6.2(1) or later to resolve the issue. As a temporary workaround, consider restricting access to the processImageSave.jsp file and the fileUploadServlet until a patch is available. Avoid using the chartid parameter in the affected API endpoint until the issue is resolved.