Cisco Prime Data Center Network Manager Arbitrary File Upload

This module exploits a code execution flaw in Cisco Data Center Network Manager. The vulnerability exists in processImageSave.jsp, which can be abused through a directory traversal combined with a null byte injection to upload arbitrary files. The autodeploy feature of the JBoss application server is then used to achieve remote code execution. This module has been tested successfully on Cisco Prime Data Center Network Manager 6.1(2) on Windows 2008 R2 (64-bit).

Module Name

exploit/multi/http/cisco_dcnm_upload

Authors

  • rgod <rgod [at] autistici.org>
  • juan vazquez <juan.vazquez [at] metasploit.com>

Targets

  • Cisco DCNM 6.1(2) / Java Universal

Platforms

  • java

Architectures

  • java

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

    msf > use exploit/multi/http/cisco_dcnm_upload
    msf exploit(cisco_dcnm_upload) > show targets
        ...targets...
    msf exploit(cisco_dcnm_upload) > set TARGET <target-id>
    msf exploit(cisco_dcnm_upload) > show options
        ...show and set options...
    msf exploit(cisco_dcnm_upload) > exploit