PT-2013-5571 · Red Hat+1 · Jboss+1

Rgod

Published

2013-09-23

Updated

2016-09-16

CVE-2013-5486

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Cisco Prime Data Center Network Manager versions prior to 6.2(1)

Description The issue allows remote attackers to write arbitrary files via the chartid parameter in the processImageSave.jsp file. This can be leveraged to execute arbitrary commands by using the JBoss autodeploy functionality.

Recommendations For versions prior to 6.2(1), update to version 6.2(1) or later to resolve the issue. As a temporary workaround, consider restricting access to the processImageSave.jsp file and the fileUploadServlet until a patch is available. Avoid using the chartid parameter in the affected API endpoint until the issue is resolved.

Exploit

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2013-5486

ZDI-13-254

ZDI-13-255

Affected Products

Cisco Prime Data Center Network Manager

Jboss

PT-2013-5571 · Red Hat+1 · Jboss+1

CVE-2013-5486

Weakness Enumeration

Related Identifiers

Affected Products

References · 7