CVE-2013-6810

EMC Connectrix Manager - Remote Code Execution via Servlet File Upload

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2013-6810. PoCs published by James Fitts.

AI-analyzed exploit summary This Metasploit module exploits a file upload vulnerability in EMC Connectrix Manager Converged Network Edition (CMCNE) <= 11.2.1. It uploads a malicious JSP payload via the FileUploadController servlet, achieving remote code execution in the context of the server user.

Description

The server in Brocade Network Advisor before 12.1.0, as used in EMC Connectrix Manager Converged Network Edition (CMCNE), HP B-series SAN Network Advisor, and possibly other products, allows remote attackers to execute arbitrary code by using a servlet to upload an executable file.

Exploits (2)

exploitdb WORKING POC
by James Fitts · rubyremotejava
https://www.exploit-db.com/exploits/42701

This Metasploit module exploits a file upload vulnerability in EMC Connectrix Manager Converged Network Edition (CMCNE) <= 11.2.1. It uploads a malicious JSP payload via the FileUploadController servlet, achieving remote code execution in the context of the server user.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: EMC Connectrix Manager Converged Network Edition <= 11.2.1
No auth needed
Prerequisites: Network access to the target server · Target server running vulnerable EMC CMCNE version
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC
by James Fitts · rubyremotejava
https://www.exploit-db.com/exploits/42702

This Metasploit module exploits a file upload vulnerability in EMC Connectrix Manager Converged Network Edition (CMCNE) <= 11.2.1, allowing an attacker to upload a malicious JSP file to the remote file system and achieve remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: EMC Connectrix Manager Converged Network Edition <= 11.2.1
No auth needed
Prerequisites: Network access to the target · Target running EMC CMCNE <= 11.2.1
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (9)

Core 9
Core References
Third Party Advisory mailing-list x_refsource_vim
http://www.attrition.org/pipermail/vim/2014-January/002755.html
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/42702/
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1029485
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-13-283/
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2013-12/0053.html
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=138723620521347&w=2
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/42701/
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/90728
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/56143

Scores

EPSS 0.1700
EPSS Percentile 96.7%

Details

CWE
CWE-94
Status published
Products (3)
emc/connectrix_manager 11.2.1
emc/connectrix_manager 12.0.1
emc/connectrix_manager 12.0.3
Published Dec 12, 2013
Tracked Since Feb 18, 2026