CVE-2017-6639

Name of the Vulnerable Software and Affected Versions Cisco Prime Data Center Network Manager (DCNM) versions 10.1(1) through 10.1(2)

Description A vulnerability in the role-based access control (RBAC) functionality could allow an unauthenticated, remote attacker to access sensitive information or execute arbitrary code with root privileges on an affected system. The issue is due to the lack of authentication and authorization mechanisms for a debugging tool that was inadvertently enabled in the affected software. An attacker could exploit this by remotely connecting to the debugging tool via TCP, potentially accessing sensitive information or executing arbitrary code with root privileges.

Recommendations For versions 10.1(1) and 10.1(2), consider disabling the debugging tool until a patch is available to prevent exploitation. Restrict access to the debugging tool to minimize the risk of exploitation. Avoid using the affected software until a fixed version is released. At the moment, there is no information about a newer version that contains a fix for this vulnerability.