NVD

Id
86629  
Name
CVE-2017-6639  
Description
A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to access sensitive information or execute arbitrary code with root privileges on an affected system. The vulnerability is due to the lack of authentication and authorization mechanisms for a debugging tool that was inadvertently enabled in the affected software. An attacker could exploit this vulnerability by remotely connecting to the debugging tool via TCP. A successful exploit could allow the attacker to access sensitive information about the affected software or execute arbitrary code with root privileges on the affected system. This vulnerability affects Cisco Prime Data Center Network Manager (DCNM) Software Releases 10.1(1) and 10.1(2) for Microsoft Windows, Linux, and Virtual Appliance platforms. Cisco Bug IDs: CSCvd09961.  
Reject
 
CVSS Version
2  
CVSS Score
10  
Severity
High  
CVSS Base Score
10  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:C/I:C/A:C)  
Pub Date
2017-07-18  
Published
2017-06-08  
Modified Date
2017-07-07  
Seq
2017-6639  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
420406 86629 CVE-2016-2564 https://invisionpower.com/release-notes/419-r37/  View
420407 86629 CVE-2016-2564 https://medium.com/@iancarroll/bypassing-authentication-in-invision-power-board-with-cve-2016-2564-9a24ea3655f9  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
68461 JVNDB-2017-004718 Cisco Prime Data Center Network Manager のロールベースアクセス制御機能における重要な情報にアクセスされる脆弱性 Cisco Prime Data Center Network Manager (DCNM) のロールベースアクセス制御 (RBAC) 機能には、影響を受けるシステム上で重要な情報にアクセスされる、または root 権限で任意のコードを実行される脆弱性が存在します。 CVE-2017-6639 0 CVE-2017-6639 86629 10 9.8 http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-004718.html 2017-06-07 2017-07-05 View