CVE-2013-5486

DCNM-SAN Server <6.2(1) - Path Traversal

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2013-5486. PoCs published by Metasploit, including Metasploit module exploits/multi/http/cisco_dcnm_upload.

AI-analyzed exploit summary This Metasploit module exploits a directory traversal and null byte injection vulnerability in Cisco Prime Data Center Network Manager to upload a malicious WAR file, achieving remote code execution via JBoss autodeploy.

Description

Directory traversal vulnerability in processImageSave.jsp in DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to write arbitrary files via the chartid parameter, aka Bug IDs CSCue77035 and CSCue77036. NOTE: this can be leveraged to execute arbitrary commands by using the JBoss autodeploy functionality.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotejava
https://www.exploit-db.com/exploits/30008

This Metasploit module exploits a directory traversal and null byte injection vulnerability in Cisco Prime Data Center Network Manager to upload a malicious WAR file, achieving remote code execution via JBoss autodeploy.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Cisco Prime Data Center Network Manager 6.1(2)
No auth needed
Prerequisites: Network access to the target · JBoss autodeploy feature enabled
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
rubypocjava
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/cisco_dcnm_upload.rb

This Metasploit module exploits a directory traversal and null byte injection vulnerability in Cisco Prime Data Center Network Manager to upload a malicious WAR file, achieving remote code execution via JBoss autodeploy.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Cisco Prime Data Center Network Manager 6.1(2)
No auth needed
Prerequisites: Network access to the target · JBoss autodeploy feature enabled
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/30008

Scores

EPSS 0.7596
EPSS Percentile 99.5%

Details

CWE
CWE-78
Status published
Products (19)
cisco/prime_data_center_network_manager 4.1\(2\)
cisco/prime_data_center_network_manager 4.1\(3\)
cisco/prime_data_center_network_manager 4.1\(4\)
cisco/prime_data_center_network_manager 4.1\(5\)
cisco/prime_data_center_network_manager 4.2\(1\)
cisco/prime_data_center_network_manager 4.2\(3\)
cisco/prime_data_center_network_manager 5.0\(2\)
cisco/prime_data_center_network_manager 5.0\(3\)
cisco/prime_data_center_network_manager 5.1\(1\)
cisco/prime_data_center_network_manager 5.1\(2\)
... and 9 more
Published Sep 23, 2013
Tracked Since Feb 18, 2026