Guest

Preview Tool

Cisco Bug: CSCvv65124 - Cisco DCNM executable hijacking vulnerability on unsupported operating system

Last Modified

Sep 29, 2020

Products (1)

  • Cisco Data Center Network Manager

Known Affected Releases

11.4(1)

Description (partial)

Symptom:
A vulnerability in the Cisco Data Center Network Manager (DCNM) installer for Windows could allow an authenticated, local attacker to perform an executable hijacking attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system.

The vulnerability is due to insufficient validation of the resources loaded by the application at run time. An attacker could exploit this vulnerability by crafting a malicious executable file and placing it in a specific location on the targeted system. The malicious file would execute when the vulnerable application is first installed. A successful exploit could allow the attacker to execute arbitrary code on the target machine with administrative privileges.

Conditions:
This vulnerability only applies to Windows 2019, which is not supported by DCNM
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.