Cisco Prime DCNM is a management tools for your Storage and Ethernet Networks, provides a robust framework and comprehensive feature set that meets the routing, switching, and storage administration needs of present and future virtualized data centers.





According to an advisory released, Cisco Prime Data Center Network Manager (DCNM) contains a remote command execution vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary commands on the computer that is running the Cisco Prime DCNM application.





The vulnerability exists because JBoss Application Server Remote Method Invocation (RMI) services, specifically the jboss.system:service=MainDeployer functionality, are exposed to unauthorized users.





All Cisco Prime Data Center Network Manager releases prior to release 6.1(1), for both the Microsoft Windows and Linux platforms, are affected by this vulnerability.





Successful exploitation of the vulnerability may allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system that hosts the Cisco Prime DCNM application in the context of the System user for Cisco Prime DCNM running on Microsoft Windows) or the root user for Cisco Prime DCNM running on Linux.



