module
Cisco Data Center Network Manager Unauthenticated File Download
| Disclosed |
|---|
| 2019-06-26 |
Disclosed
2019-06-26
Description
DCNM exposes a servlet to download files on /fm/downloadServlet.
An authenticated user can abuse this servlet to download arbitrary files as root by specifying
the full path of the file.
This module was tested on the DCNM Linux virtual appliance 10.4(2), 11.0(1) and 11.1(1), and should
work on a few versions below 10.4(2). Only version 11.0(1) requires authentication to exploit
(see References to understand why).
An authenticated user can abuse this servlet to download arbitrary files as root by specifying
the full path of the file.
This module was tested on the DCNM Linux virtual appliance 10.4(2), 11.0(1) and 11.1(1), and should
work on a few versions below 10.4(2). Only version 11.0(1) requires authentication to exploit
(see References to understand why).
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.