CVE-2013-5486

Published: Sep 23, 2013Modified: Apr 29, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

Directory traversal vulnerability in processImageSave.jsp in DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to write arbitrary files via the chartid parameter, aka Bug IDs CSCue77035 and CSCue77036. NOTE: this can be leveraged to execute arbitrary commands by using the JBoss autodeploy functionality.

Affected (19)

Products: Cisco: Prime Data Center Network Manager

Cisco

1 product

Prime Data Center Network Manager

Configuration A

16 vulnerable

Vulnerable Software	Affected Versions
Cisco Prime Data Center Network Manager	Version 4.1(2)
Cisco Prime Data Center Network Manager	Version 4.1(3)
Cisco Prime Data Center Network Manager	Version 4.1(4)
Cisco Prime Data Center Network Manager	Version 4.1(5)
Cisco Prime Data Center Network Manager	Version 4.2(1)
Cisco Prime Data Center Network Manager	Version 4.2(3)
Cisco Prime Data Center Network Manager	Version 5.0(2)
Cisco Prime Data Center Network Manager	Version 5.0(3)
Cisco Prime Data Center Network Manager	Version 5.1(1)
Cisco Prime Data Center Network Manager	Version 5.1(2)
Cisco Prime Data Center Network Manager	Version 5.1(3u)
Cisco Prime Data Center Network Manager	Version 5.2(2)
Cisco Prime Data Center Network Manager	Version 5.2(2a)
Cisco Prime Data Center Network Manager	Version 5.2(2b)
Cisco Prime Data Center Network Manager	Version 5.2(2c)
Cisco Prime Data Center Network Manager	Version 6.1(1b)

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Cisco Prime Data Center Network Manager	Up to 6.1\(1b\)
Cisco Prime Data Center Network Manager	Version 5.2(2e)
Cisco Prime Data Center Network Manager	Version 6.1(1a)