CVE-2015-0666
HIGH KEVCisco Prime Data Center Network Manager < 7.1(1) - Path Traversal via fmserver Servlet
Title source: llmExploitation Summary
CVE-2015-0666 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 25, 2022.
Description
Directory traversal vulnerability in the fmserver servlet in Cisco Prime Data Center Network Manager (DCNM) before 7.1(1) allows remote attackers to read arbitrary files via a crafted pathname, aka Bug ID CSCus00241.
References (3)
Core 3
Core References
Broken Link vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1032009
Vendor Advisory vendor-advisory
x_refsource_cisco
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-dcnm
Third Party Advisory, US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-0666
Scores
CVSS v3
7.5
EPSS
0.5998
EPSS Percentile
98.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
yes
Technical Impact
partial
Details
CISA KEV
2022-03-25
VulnCheck KEV
2015-04-01
InTheWild.io
2022-03-25
ENISA EUVD
EUVD-2015-0679
CWE
CWE-22
Status
published
Products (4)
cisco/prime_data_center_network_manager
6.3\(1\)
cisco/prime_data_center_network_manager
6.3\(2\)
cisco/prime_data_center_network_manager
7.0\(1\)
cisco/prime_data_center_network_manager
< 7.0\(2\)
Published
Apr 03, 2015
KEV Added
Mar 25, 2022
Tracked Since
Feb 18, 2026