CVE-2017-6639
Summary
| CVE | CVE-2017-6639 |
|---|---|
| State | PUBLISHED |
| Assigner | cisco |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-06-08 13:29:00 UTC |
| Updated | 2025-04-20 01:37:25 UTC |
| Description | A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to access sensitive information or execute arbitrary code with root privileges on an affected system. The vulnerability is due to the lack of authentication and authorization mechanisms for a debugging tool that was inadvertently enabled in the affected software. An attacker could exploit this vulnerability by remotely connecting to the debugging tool via TCP. A successful exploit could allow the attacker to access sensitive information about the affected software or execute arbitrary code with root privileges on the affected system. This vulnerability affects Cisco Prime Data Center Network Manager (DCNM) Software Releases 10.1(1) and 10.1(2) for Microsoft Windows, Linux, and Virtual Appliance platforms. Cisco Bug IDs: CSCvd09961. |
Risk And Classification
Primary CVSS: v3.0 9.8 CRITICAL from [email protected]
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Problem Types: CWE-16 | CWE-862 | CWE-16 CWE-16
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.0 | [email protected] | Primary | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| 2.0 | [email protected] | Primary | 10 | AV:N/AC:L/Au:N/C:C/I:C/A:C |
CVSS v3.0 Breakdown
Attack Vector
NetworkAttack Complexity
LowPrivileges Required
NoneUser Interaction
NoneScope
UnchangedConfidentiality
HighIntegrity
HighAvailability
HighCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
LowAuthentication
NoneConfidentiality
CompleteIntegrity
CompleteAvailability
CompleteAV:N/AC:L/Au:N/C:C/I:C/A:C
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Cisco | Prime Data Center Network Manager | 10.1.0 | All | All | All |
| Application | Cisco | Prime Data Center Network Manager | 10.1\(1\) | All | All | All |
| Application | Cisco | Prime Data Center Network Manager | 10.1\(2\) | All | All | All |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Na | Cisco Prime Data Center Network Manager Debug Remote Code Execution Vulnerability | affected Cisco Prime Data Center Network Manager Debug Remote Code Execution Vulnerability | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Document Display | HPE Support Center | af854a3a-2127-422b-91ae-364da2661108 | h20566.www2.hpe.com | |
| Cisco Prime Data Center Network Manager Debug Remote Code Execution Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | tools.cisco.com | Vendor Advisory |
| Cisco Prime Data Center Network Manager CVE-2017-6639 Remote Code Execution Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Cisco Prime Data Center Network Manager Debugging Tool Lets Remote Users Execute Arbitrary Code on the Target System - SecurityTracker | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.