CVE-2017-6639

CRITICAL

Cisco Prime Data Center Network Manager 10.1(1)-10.1(2) - Unauthenticated Remote Code Execution via Debugging Tool

Title source: llm
STIX 2.1

Description

A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to access sensitive information or execute arbitrary code with root privileges on an affected system. The vulnerability is due to the lack of authentication and authorization mechanisms for a debugging tool that was inadvertently enabled in the affected software. An attacker could exploit this vulnerability by remotely connecting to the debugging tool via TCP. A successful exploit could allow the attacker to access sensitive information about the affected software or execute arbitrary code with root privileges on the affected system. This vulnerability affects Cisco Prime Data Center Network Manager (DCNM) Software Releases 10.1(1) and 10.1(2) for Microsoft Windows, Linux, and Virtual Appliance platforms. Cisco Bug IDs: CSCvd09961.

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1038626
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/98935

Scores

CVSS v3 9.8
EPSS 0.3539
EPSS Percentile 98.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-16 CWE-862
Status published
Products (4)
cisco/prime_data_center_network_manager 10.1\(1\)
cisco/prime_data_center_network_manager 10.1\(2\)
cisco/prime_data_center_network_manager 10.1.0
n/a/Cisco Prime Data Center Network Manager Debug Remote Code Execution Vulnerability Cisco Prime Data Center Network Manager Debug Remote Code Execution Vulnerability
Published Jun 08, 2017
Tracked Since Feb 18, 2026