Executive Risk Summary
"A directory traversal vulnerability in the fmserver servlet of Cisco Prime Data Center Network Manager (DCNM) before 7.1(1) allows remote attackers to read arbitrary files via a crafted pathname. No authentication is required, so any attacker who can reach the servlet over the network can disclose the contents of files on the DCNM server."
Anticipated Attack Path
- 1. Initial Exploitation: An attacker who can reach the DCNM web service sends a request to the fmserver servlet with a crafted pathname (for example, one containing `../` sequences, possibly URL-encoded) that escapes the directory the servlet is meant to serve. No credentials are needed.
- 2. Post-Exploitation: The response discloses the contents of arbitrary files readable by the account the DCNM service runs as, potentially including configuration files and any credentials stored on the server.
- 3. Lateral Movement: Information recovered this way (for example, credentials for devices that DCNM manages) may be reused to reach other systems in the data-center network.
Am I Vulnerable?
- Affected releases are DCNM versions earlier than 7.1(1). Verify the installed release; if it is earlier than 7.1(1), upgrade to 7.1(1) or later per the Cisco advisory.
- Until patched, restrict network access to the DCNM web interface, and to the /fmserver path in particular, to trusted management networks only.
- Monitor the DCNM web-tier access logs for requests to /fmserver that contain traversal sequences (including single- and double-URL-encoded forms) and for unexpected file reads.
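The monitoring bullet above is easiest to act on with a small log scanner. The following is an added example, not a script from the original page or from Cisco: it parses Apache/Tomcat "common"-format access-log lines (the format is an assumption about the DCNM web tier), percent-decodes each request target until it stops changing so that double encoding cannot hide the `..` sequence, unifies backslashes, and flags only requests to the /fmserver servlet that contain a traversal sequence after normalisation. The sample log lines are constructed for illustration; in particular the query parameter name `path` is invented, because the page does not document the real parameter.

```python
import re
from urllib.parse import unquote

# Apache/Tomcat "common" access-log pattern; the DCNM web tier is assumed to emit this format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
# ".." bounded by a path/query separator on the left and a slash or end-of-string on the right.
TRAVERSAL_RE = re.compile(r'(?:^|[/?=&])\.\.(?:/|$)')
TARGET_SERVLET = "/fmserver"

# Constructed sample lines (not real DCNM logs). The parameter name "path" is invented
# for illustration; the page does not document the real parameter.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Apr/2015:10:15:32 +0000] "GET /fmserver?path=../../../../etc/passwd HTTP/1.1" 200 1843
203.0.113.5 - - [01/Apr/2015:10:15:40 +0000] "GET /fmserver?path=..%2F..%2F..%2Fetc%2Fshadow HTTP/1.1" 200 0
203.0.113.5 - - [01/Apr/2015:10:15:51 +0000] "GET /fmserver?path=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 1843
198.51.100.7 - - [01/Apr/2015:10:16:02 +0000] "GET /fmserver?path=reports/daily.txt HTTP/1.1" 200 512
198.51.100.7 - - [01/Apr/2015:10:16:10 +0000] "GET /static/images/../logo.png HTTP/1.1" 200 2048
"""


def normalize_target(target, max_rounds=3):
    """Percent-decode until the string stops changing (defeats double encoding) and
    unify backslashes to forward slashes. Returns (decoded_target, decode_rounds)."""
    decoded, rounds = target, 0
    for _ in range(max_rounds):
        step = unquote(decoded)
        if step == decoded:
            break
        decoded, rounds = step, rounds + 1
    return decoded.replace("\\", "/"), rounds


def is_traversal_attempt(target):
    """Return (decoded_target, decode_rounds) when the request targets the fmserver
    servlet and carries a traversal sequence anywhere in the decoded path or query,
    otherwise None. Traversal against other paths is deliberately not flagged here."""
    decoded, rounds = normalize_target(target)
    path = decoded.split("?", 1)[0].lower()
    if not path.startswith(TARGET_SERVLET):
        return None
    if TRAVERSAL_RE.search(decoded):
        return decoded, rounds
    return None


def scan_access_log(lines):
    """Scan iterable of access-log lines; return one dict per suspicious request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the expected format; skip rather than guess
        verdict = is_traversal_attempt(m.group("target"))
        if verdict:
            decoded, rounds = verdict
            hits.append({
                "ip": m.group("ip"),
                "ts": m.group("ts"),
                "status": m.group("status"),
                "raw_target": m.group("target"),
                "decoded_target": decoded,
                "decode_rounds": rounds,
            })
    return hits


if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG.splitlines()):
        print(f"{hit['ts']} {hit['ip']} HTTP {hit['status']} {hit['decoded_target']} "
              f"(percent-decoded {hit['decode_rounds']}x)")
```

A 200 response on a flagged request is the strongest signal, since the servlet returned something for the traversed path; a 404 or 500 still indicates probing and is worth correlating with the source address across the rest of the log.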
Operational Audit Arsenal
Target Type: servlet
Target Asset: fmserver
Standard Path: /fmserver
Manual Verification Required
This is a non-Windows asset (Cisco). Use the target asset details and official path provided above to verify your current version against the official vendor advisories listed below.
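Because the verification is manual, the one error-prone step is comparing Cisco's `major.minor(maintenance)` release notation correctly: "7.0(2)" sorts before "7.1(1)", and a rebuild such as "7.1(1a)" sorts after "7.1(1)". The following added example (not part of the original page or of Cisco's tooling) parses that notation and classifies an inventory of DCNM hosts against the first fixed release named in the advisory; the inventory itself is constructed, and how the release string is obtained from each appliance is left to the operator.

```python
import re
from typing import Iterable, List, Tuple

FIXED_RELEASE = "7.1(1)"  # first fixed release per the Cisco advisory cited on this page

# Cisco-style release string: major.minor(maintenance[rebuild letter]), e.g. "7.0(2)", "7.1(1a)".
VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\((\d+)([a-z]?)\)\s*$", re.IGNORECASE)


def parse_dcnm_version(text: str) -> Tuple[int, int, int, str]:
    """Turn '7.1(1a)' into (7, 1, 1, 'a'); raise ValueError on anything else.
    Tuple comparison then gives the right ordering, with '' (no rebuild) sorting first."""
    m = VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised DCNM release string: {text!r}")
    major, minor, maint, rebuild = m.groups()
    return int(major), int(minor), int(maint), rebuild.lower()


def is_vulnerable_to_cve_2015_0666(installed: str) -> bool:
    """True when the installed release sorts before the first fixed release."""
    return parse_dcnm_version(installed) < parse_dcnm_version(FIXED_RELEASE)


def audit(inventory: Iterable[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """inventory: (hostname, release string) pairs. Returns (host, release, status) triples.
    Unparseable strings are reported rather than silently treated as fixed."""
    results = []
    for host, version in inventory:
        try:
            status = "VULNERABLE" if is_vulnerable_to_cve_2015_0666(version) else "fixed"
        except ValueError:
            status = "UNKNOWN (verify manually)"
        results.append((host, version, status))
    return results


if __name__ == "__main__":
    # Constructed inventory for illustration; hostnames and releases are invented.
    sample_inventory = [
        ("dcnm-01", "7.0(2)"),
        ("dcnm-02", "7.1(1)"),
        ("dcnm-03", "7.1(1a)"),
        ("dcnm-04", "6.3(2)"),
        ("dcnm-05", "7.1.1"),   # malformed: missing parentheses
    ]
    for host, version, status in audit(sample_inventory):
        print(f"{host:<10} {version:<8} {status}")
```

Treating a malformed release string as "unknown" rather than "fixed" is deliberate: a silent parse failure is exactly how a vulnerable appliance drops off a remediation list.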
Patch Impact Forecast
Reboot Required: Likely
Expect disruption to DCNM services while the upgrade is applied; schedule a maintenance window.
Internal Work Notes
Directory traversal vulnerability in Cisco Prime DCNM fmserver servlet, patch and restrict access to mitigate
Intelligence Sources
Vendor Advisory: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-dcnm
Third-Party Advisory: http://www.securitytracker.com/id/1032009
CISA KEV Catalog lookup: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-0666
Data compiled from NVD, MSRC, and CISA KEV Catalog. Intelligence synthesized via AI. Scripts provided for diagnostic purposes under MIT License.