VAR-201312-0446
Vulnerability from variot - Updated: 2025-04-11 23:02
The server in Brocade Network Advisor before 12.1.0, as used in EMC Connectrix Manager Converged Network Edition (CMCNE), HP B-series SAN Network Advisor, and possibly other products, allows remote attackers to execute arbitrary code by using a servlet to upload an executable file. Authentication is not required to exploit this vulnerability. An attacker can leverage this directory traversal vulnerability into arbitrary code execution on the compromised server in the security context of the Administrator account. An attacker can use this to either disclose sensitive data, or to disclose information about the server that can be used in a subsequent attack. EMC Connectrix is a network switch solution that provides an interface to the Connectrix server to manage and protect devices. The title and technical details have been changed to better reflect the underlying components affected.
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04045640
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04045640 Version: 1
HPSBHF02953 rev.1 - HP B-series SAN Network Advisor, Remote Code Execution
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2013-12-16 Last Updated: 2013-12-16
Potential Security Impact: Remote code execution
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP B-series SAN Network Advisor. The vulnerability could be exploited remotely resulting in code execution.
References: CVE-2013-6810 (BROCADE TSB 2013-176-A, SSRT101392)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP B-series SAN Network Advisor Enterprise Software v12.0.x
HP B-series SAN Network Advisor Professional Plus Software v12.0.x
HP B-series SAN Network Advisor Professional Plus Upgrade Software v12.0.x
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference        Base Vector                     Base Score
CVE-2013-6810    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
===========================================================
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made the following updates available to resolve the vulnerability.
HP B-series SAN Network Advisor Enterprise Software v12.1.1
HP B-series SAN Network Advisor Professional Plus Software v12.1.1
HP B-series SAN Network Advisor Professional Plus Upgrade Software v12.1.1
1) Go to http://www.hp.com/support/downloads.
2) Click on "Storage", "Storage Networking", and then "StoreFabric B-series Switches".
3) Click on the link for the appropriate switch, and then select your product.
4) Select under "Drivers, Software & Firmware" and then select your switch.
5) Click on "Cross operating system (BIOS, Firmware, Diagnostics, etc.)".
6) Click on "Application".
7) In the "Description" column of the table, click on "HP SAN B-series SAN Network Advisor" to download the current version.
HISTORY
Version:1 (rev.1) - 16 December 2013 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2013 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP nor its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
Using these servlets, remote unauthenticated attackers could read and place files from/on the CMCNE server and execute them.
Resolution:
The following products contain the resolution to these issues:
- EMC Connectrix Manager Converged Network Edition (CMCNE) 12.1.2 or higher
EMC strongly recommends all customers upgrade at the earliest opportunity. As a security best practice, customers are strongly advised to isolate the CMCNE server from external networks using VLANs and/or firewall rules only allowing authorized administrators to interact with the CMCNE server.
Link to remedies:
EMC Connectrix Manager Converged Network Edition (CMCNE) 12.1.2 downloads and documentation can be found at EMC Online Support:
https://support.emc.com/products/23304_Connectrix-Manager-Converged-Network-Edition
https://support.emc.com/downloads/120_Connectrix
Credits:
EMC would like to thank Andrea Micalizzi (aka rgod) working with Zero Day Initiative (http://www.zerodayinitiative.com) for reporting these issues.
Read and use the information in this EMC Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this product alert, contact EMC Software Technical Support at 1-877-534-2867.
For an explanation of Severity Ratings, refer to EMC Knowledgebase solution emc218831. EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability.
EMC Corporation distributes EMC Security Advisories, in order to bring to the attention of users of the affected EMC products, important security information. EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201312-0446",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "connectrix manager converged network edition",
"scope": null,
"trust": 4.2,
"vendor": "emc",
"version": null
},
{
"model": "connectrix manager",
"scope": "eq",
"trust": 1.6,
"vendor": "emc",
"version": "11.2.1"
},
{
"model": "connectrix manager",
"scope": "eq",
"trust": 1.6,
"vendor": "emc",
"version": "12.0.1"
},
{
"model": "connectrix manager",
"scope": "eq",
"trust": 1.6,
"vendor": "emc",
"version": "12.0.3"
},
{
"model": "connectrix manager",
"scope": "eq",
"trust": 0.8,
"vendor": "dell emc old emc",
"version": "converged network edition 11.2.1"
},
{
"model": "connectrix manager",
"scope": "eq",
"trust": 0.8,
"vendor": "dell emc old emc",
"version": "converged network edition 12.0.1"
},
{
"model": "connectrix manager",
"scope": "eq",
"trust": 0.8,
"vendor": "dell emc old emc",
"version": "converged network edition 12.0.3"
},
{
"model": "hp b-series san network advisor",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "enterprise software 12.0.x"
},
{
"model": "hp b-series san network advisor",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "professional 12.0.x"
},
{
"model": "hp b-series san network advisor",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "professional plus upgrade software 12.0.x"
},
{
"model": "hp b-series san network advisor",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "professional plus software 12.0.x"
},
{
"model": "connectrix manager",
"scope": "eq",
"trust": 0.6,
"vendor": "emc",
"version": "12.x"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-13-278"
},
{
"db": "ZDI",
"id": "ZDI-13-283"
},
{
"db": "ZDI",
"id": "ZDI-13-279"
},
{
"db": "ZDI",
"id": "ZDI-13-280"
},
{
"db": "ZDI",
"id": "ZDI-13-282"
},
{
"db": "ZDI",
"id": "ZDI-13-281"
},
{
"db": "CNVD",
"id": "CNVD-2013-15244"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005505"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-242"
},
{
"db": "NVD",
"id": "CVE-2013-6810"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:emc:connectrix_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hp:hp_b-series_san_network_advisor",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005505"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Andrea Micalizzi aka rgod",
"sources": [
{
"db": "ZDI",
"id": "ZDI-13-278"
},
{
"db": "ZDI",
"id": "ZDI-13-283"
},
{
"db": "ZDI",
"id": "ZDI-13-279"
},
{
"db": "ZDI",
"id": "ZDI-13-280"
},
{
"db": "ZDI",
"id": "ZDI-13-282"
},
{
"db": "ZDI",
"id": "ZDI-13-281"
}
],
"trust": 4.2
},
"cve": "CVE-2013-6810",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2013-6810",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 3.3,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2013-6810",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 2.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2013-6810",
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2013-15244",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "ZDI",
"id": "CVE-2013-6810",
"trust": 4.2,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2013-6810",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2013-6810",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2013-15244",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201312-242",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2013-6810",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-13-278"
},
{
"db": "ZDI",
"id": "ZDI-13-283"
},
{
"db": "ZDI",
"id": "ZDI-13-279"
},
{
"db": "ZDI",
"id": "ZDI-13-280"
},
{
"db": "ZDI",
"id": "ZDI-13-282"
},
{
"db": "ZDI",
"id": "ZDI-13-281"
},
{
"db": "CNVD",
"id": "CNVD-2013-15244"
},
{
"db": "VULMON",
"id": "CVE-2013-6810"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005505"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-242"
},
{
"db": "NVD",
"id": "CVE-2013-6810"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The server in Brocade Network Advisor before 12.1.0, as used in EMC Connectrix Manager Converged Network Edition (CMCNE), HP B-series SAN Network Advisor, and possibly other products, allows remote attackers to execute arbitrary code by using a servlet to upload an executable file. Authentication is not required to exploit this vulnerability. An attacker can leverage this directory traversal vulnerability into arbitrary code execution on the compromised server in the security context of the Administrator account. An attacker can use this to either disclose sensitive data, or to disclose information about the server that can be used in a subsequent attack. EMC Connectrix is a network switch solution that provides an interface to the Connectrix server to manage and protect devices. The title and technical details have been changed to better reflect the underlying components affected. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04045640\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04045640\nVersion: 1\n\nHPSBHF02953 rev.1 - HP B-series SAN Network Advisor, Remote Code Execution\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2013-12-16\nLast Updated: 2013-12-16\n\nPotential Security Impact: Remote code execution\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security vulnerability has been identified with HP B-series SAN\nNetwork Advisor. The vulnerability could be exploited remotely resulting in\ncode execution. \n\nReferences: CVE-2013-6810 (BROCADE TSB 2013-176-A, SSRT101392)\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. 
\n\nHP B-series SAN Network Advisor Enterprise Software v12.0.x\n\nHP B-series SAN Network Advisor Professional Plus Software v12.0.x\n\nHP B-series SAN Network Advisor Professional Plus Upgrade Software v12.0.x\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2013-6810 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following updates available to resolve the vulnerability. \n\nHP B-series SAN Network Advisor Enterprise Software v12.1.1\n\nHP B-series SAN Network Advisor Professional Plus Software v12.1.1\n\nHP B-series SAN Network Advisor Professional Plus Upgrade Software v12.1.1\n\n1) Go to http://www.hp.com/support/downloads. \n\n2) Click on \"Storage\", \"Storage Networking\", and then \"StoreFabric B-series\nSwitches\". \n\n3) Click on the link for the appropriate switch, and then select your\nproduct. \n\n4) Select under \"Drivers, Software \u0026 Firmware\" and then select your switch. \n\n5) Click on \"Cross operating system (BIOS, Firmware, Diagnostics, etc.)\". \n\n6) Click on \"Application\". \n\n7) In the \"Description\" column of the table, click on \"HP SAN B-series SAN\nNetwork Advisor\" to download the current version. \n\nHISTORY\nVersion:1 (rev.1) - 16 December 2013 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. 
\n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2013 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2.0.19 (GNU/Linux)\n\niEYEARECAAYFAlKvPL4ACgkQ4B86/C0qfVmu1gCfQJ/IVzeCRa5EKtAfF5bzsNpY\nCJQAn0XuI2HuuPZ7+j7F/gzlL8U2NEew\n=K3ek\n-----END PGP SIGNATURE-----\n. 
Using these servlets, remote unauthenticated attackers could read and place files from/on the CMCNE server and execute them. \n\n\nResolution: \n\nThe following products contain the resolution to these issues:\n\\x95\tEMC Connectrix Manager Converged Network Edition (CMCNE) 12.1.2 or higher \n\n\nEMC strongly recommends all customers upgrade at the earliest opportunity. As a security best practice, customers are strongly advised to isolate the CMCNE server from external networks using VLANs and/or firewall rules only allowing authorized administrators to interact with the CMCNE server. \n\nLink to remedies:\n\nEMC Connectrix Manager Converged Network Edition (CMCNE) 12.1.2 downloads and documentation can be found at EMC Online Support:\nhttps://support.emc.com/products/23304_Connectrix-Manager-Converged-Network-Edition\nhttps://support.emc.com/downloads/120_Connectrix\n\n\nCredits: \n\nEMC would like to thank Andrea Micalizzi (aka rgod) working with Zero Day Initiative (http://www.zerodayinitiative.com) for reporting these issues. \n\n\nRead and use the information in this EMC Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this product alert, contact EMC Software Technical Support at 1-877-534-2867. \n\nFor an explanation of Severity Ratings, refer to EMC Knowledgebase solution emc218831. EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability. \n\nEMC Corporation distributes EMC Security Advisories, in order to bring to the attention of users of the affected EMC products, important security information. EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. 
EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-6810"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005505"
},
{
"db": "ZDI",
"id": "ZDI-13-278"
},
{
"db": "ZDI",
"id": "ZDI-13-283"
},
{
"db": "ZDI",
"id": "ZDI-13-279"
},
{
"db": "ZDI",
"id": "ZDI-13-280"
},
{
"db": "ZDI",
"id": "ZDI-13-282"
},
{
"db": "ZDI",
"id": "ZDI-13-281"
},
{
"db": "CNVD",
"id": "CNVD-2013-15244"
},
{
"db": "BID",
"id": "64242"
},
{
"db": "VULMON",
"id": "CVE-2013-6810"
},
{
"db": "PACKETSTORM",
"id": "124478"
},
{
"db": "PACKETSTORM",
"id": "124405"
}
],
"trust": 6.48
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=42701",
"trust": 0.2,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2013-6810"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-6810",
"trust": 7.8
},
{
"db": "ZDI",
"id": "ZDI-13-283",
"trust": 1.8
},
{
"db": "EXPLOIT-DB",
"id": "42702",
"trust": 1.1
},
{
"db": "EXPLOIT-DB",
"id": "42701",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "56143",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1029485",
"trust": 1.1
},
{
"db": "BID",
"id": "64242",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005505",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-1750",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-13-278",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-1751",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-1746",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-13-279",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-1747",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-13-280",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-1749",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-13-282",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-1748",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-13-281",
"trust": 0.7
},
{
"db": "SECUNIA",
"id": "56078",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2013-15244",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20131211 ESA-2013-089: EMC CONNECTRIX MANAGER CONVERGED NETWORK EDITION REMOTE CODE EXECUTION VULNERABILITIES",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201312-242",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2013-6810",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "124478",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "124405",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-13-278"
},
{
"db": "ZDI",
"id": "ZDI-13-283"
},
{
"db": "ZDI",
"id": "ZDI-13-279"
},
{
"db": "ZDI",
"id": "ZDI-13-280"
},
{
"db": "ZDI",
"id": "ZDI-13-282"
},
{
"db": "ZDI",
"id": "ZDI-13-281"
},
{
"db": "CNVD",
"id": "CNVD-2013-15244"
},
{
"db": "VULMON",
"id": "CVE-2013-6810"
},
{
"db": "BID",
"id": "64242"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005505"
},
{
"db": "PACKETSTORM",
"id": "124478"
},
{
"db": "PACKETSTORM",
"id": "124405"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-242"
},
{
"db": "NVD",
"id": "CVE-2013-6810"
}
]
},
"id": "VAR-201312-0446",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-15244"
}
],
"trust": 1.18125
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-15244"
}
]
},
"last_update_date": "2025-04-11T23:02:50.947000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "EMC has issued an update to correct this vulnerability.",
"trust": 4.2,
"url": "http://my.brocade.com/wps/myportal/!ut/p/b1/04_SjzQ0MzEwM7S0sDDSj9CPykssy0xPLMnMz0vMAfGjzOKd3BzDjE2MjQ39vbycDTzdXYJCLb18jQx8zIAKIoEKDHAARwNC-sP1o_ArMYEqwGOFn0d-bqp-blSOpaeuoyIA_fi0nA!!/dl4/d5/L2dJQSEvUUt3QS80SmtFL1o2X0JGQVYzNDMzMU9KSkMwSUdEUlU5Sk0yMDcx/"
},
{
"title": "EMC Connectrix Manager Software",
"trust": 0.8,
"url": "http://www.emc.com/collateral/software/data-sheet/l861-connectrix-manager.pdf"
},
{
"title": "CONNECTRIX",
"trust": 0.8,
"url": "http://japan.emc.com/storage/connectrix/connectrix.htm#!"
},
{
"title": "HPSBHF02953 SSRT101392",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c04045640"
},
{
"title": "Patch for Multiple Remote Code Execution Vulnerabilities in EMC Connectrix Manager Converged Network Edition",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/41744"
},
{
"title": "install1212",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=47291"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-13-278"
},
{
"db": "ZDI",
"id": "ZDI-13-283"
},
{
"db": "ZDI",
"id": "ZDI-13-279"
},
{
"db": "ZDI",
"id": "ZDI-13-280"
},
{
"db": "ZDI",
"id": "ZDI-13-282"
},
{
"db": "ZDI",
"id": "ZDI-13-281"
},
{
"db": "CNVD",
"id": "CNVD-2013-15244"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005505"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-242"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-94",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005505"
},
{
"db": "NVD",
"id": "CVE-2013-6810"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.2,
"url": "http://my.brocade.com/wps/myportal/!ut/p/b1/04_sjzq0mzewm7s0sddsj9cpykssy0xplmnmz0vmafgjzokd3bzdje2mjq39vbycdtzdxyjclb18jqx8ziakioekdhaarwnc-sp1o_armyeqwgofn0d-bqp-blsopaeuoyia_fi0na!!/dl4/d5/l2djqsevuut3qs80smtfl1o2x0jgqvyzndmzmu9kskmwsudeulu5sk0ymdcx/"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/0053.html"
},
{
"trust": 1.4,
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/att-0053/esa-2013-089.txt"
},
{
"trust": 1.2,
"url": "https://www.exploit-db.com/exploits/42701/"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/56143"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1029485"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=138723620521347\u0026w=2"
},
{
"trust": 1.1,
"url": "http://www.attrition.org/pipermail/vim/2014-january/002755.html"
},
{
"trust": 1.1,
"url": "http://www.zerodayinitiative.com/advisories/zdi-13-283/"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90728"
},
{
"trust": 1.1,
"url": "https://www.exploit-db.com/exploits/42702/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6810"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6810"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/56078/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-6810"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/94.html"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=32141"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.1,
"url": "http://www.hp.com/support/downloads."
},
{
"trust": 0.1,
"url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
},
{
"trust": 0.1,
"url": "https://support.emc.com/downloads/120_connectrix"
},
{
"trust": 0.1,
"url": "https://support.emc.com/products/23304_connectrix-manager-converged-network-edition"
},
{
"trust": 0.1,
"url": "http://www.zerodayinitiative.com)"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-13-278"
},
{
"db": "ZDI",
"id": "ZDI-13-283"
},
{
"db": "ZDI",
"id": "ZDI-13-279"
},
{
"db": "ZDI",
"id": "ZDI-13-280"
},
{
"db": "ZDI",
"id": "ZDI-13-282"
},
{
"db": "ZDI",
"id": "ZDI-13-281"
},
{
"db": "CNVD",
"id": "CNVD-2013-15244"
},
{
"db": "VULMON",
"id": "CVE-2013-6810"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005505"
},
{
"db": "PACKETSTORM",
"id": "124478"
},
{
"db": "PACKETSTORM",
"id": "124405"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-242"
},
{
"db": "NVD",
"id": "CVE-2013-6810"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-13-278"
},
{
"db": "ZDI",
"id": "ZDI-13-283"
},
{
"db": "ZDI",
"id": "ZDI-13-279"
},
{
"db": "ZDI",
"id": "ZDI-13-280"
},
{
"db": "ZDI",
"id": "ZDI-13-282"
},
{
"db": "ZDI",
"id": "ZDI-13-281"
},
{
"db": "CNVD",
"id": "CNVD-2013-15244"
},
{
"db": "VULMON",
"id": "CVE-2013-6810"
},
{
"db": "BID",
"id": "64242"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005505"
},
{
"db": "PACKETSTORM",
"id": "124478"
},
{
"db": "PACKETSTORM",
"id": "124405"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-242"
},
{
"db": "NVD",
"id": "CVE-2013-6810"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-12-18T00:00:00",
"db": "ZDI",
"id": "ZDI-13-278"
},
{
"date": "2013-12-18T00:00:00",
"db": "ZDI",
"id": "ZDI-13-283"
},
{
"date": "2013-12-18T00:00:00",
"db": "ZDI",
"id": "ZDI-13-279"
},
{
"date": "2013-12-18T00:00:00",
"db": "ZDI",
"id": "ZDI-13-280"
},
{
"date": "2013-12-18T00:00:00",
"db": "ZDI",
"id": "ZDI-13-282"
},
{
"date": "2013-12-18T00:00:00",
"db": "ZDI",
"id": "ZDI-13-281"
},
{
"date": "2013-12-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-15244"
},
{
"date": "2013-12-12T00:00:00",
"db": "VULMON",
"id": "CVE-2013-6810"
},
{
"date": "2013-12-11T00:00:00",
"db": "BID",
"id": "64242"
},
{
"date": "2013-12-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005505"
},
{
"date": "2013-12-17T03:58:51",
"db": "PACKETSTORM",
"id": "124478"
},
{
"date": "2013-12-13T10:22:22",
"db": "PACKETSTORM",
"id": "124405"
},
{
"date": "2013-12-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201312-242"
},
{
"date": "2013-12-12T17:55:03.597000",
"db": "NVD",
"id": "CVE-2013-6810"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-12-18T00:00:00",
"db": "ZDI",
"id": "ZDI-13-278"
},
{
"date": "2013-12-18T00:00:00",
"db": "ZDI",
"id": "ZDI-13-283"
},
{
"date": "2013-12-18T00:00:00",
"db": "ZDI",
"id": "ZDI-13-279"
},
{
"date": "2013-12-18T00:00:00",
"db": "ZDI",
"id": "ZDI-13-280"
},
{
"date": "2013-12-18T00:00:00",
"db": "ZDI",
"id": "ZDI-13-282"
},
{
"date": "2013-12-18T00:00:00",
"db": "ZDI",
"id": "ZDI-13-281"
},
{
"date": "2014-03-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-15244"
},
{
"date": "2017-09-16T00:00:00",
"db": "VULMON",
"id": "CVE-2013-6810"
},
{
"date": "2014-01-31T00:34:00",
"db": "BID",
"id": "64242"
},
{
"date": "2015-03-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005505"
},
{
"date": "2013-12-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201312-242"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2013-6810"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "124405"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-242"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "EMC Connectrix Manager Converged Network Edition Vulnerabilities in arbitrary server that allow arbitrary code execution",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005505"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201312-242"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.