QID 87490

Date Published: 2022-05-05

QID 87490: Cisco Data Center Network Manager Spring4Shell Vulnerability (CSCwb43637)

Cisco Data Center Network Manager is affected with Spring4Shell vulnerability

Affected Products
DCNM Version 12.1(0.208)

QID Detection Logic:(Unauthenticated): The unauthenticated check tries to fetch the version in response to GET request to an API. The authenticated check checks for version using registry information.

Successful exploit could compromise confidentiality, integrity and security of the system.

CVSS V3 rated as Critical - 9.8 severity.

CVSS V2 rated as High - 7.5 severity.

Solution

Customers are advised to refer to cisco-sa-java-spring-rce-Zx9GUc67 for more information.

Vendor References

CSCwb43637 - tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67

CVEs related to QID 87490

CVE-2022-22965 |

Software Advisories

Advisory ID	Software	Component	Link
cisco-sa-java-spring-rce-Zx9GUc67			tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].