CVE-2019-15976

Published: Jan 6, 2020Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Affected (1)

Products: Cisco: Data Center Network Manager

1 product

Data Center Network Manager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Data Center Network Manager	Before 11.3\(1\)

Related CWEs

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (4)

http://packetstormsecurity.com/files/156239/Cisco-Data-Center-Network-Manager-11.2.1-SQL-Injection.html

Source: psirt@cisco.com

ExploitThird Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-auth-bypass

Source: psirt@cisco.com

Vendor Advisory

http://packetstormsecurity.com/files/156239/Cisco-Data-Center-Network-Manager-11.2.1-SQL-Injection.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-auth-bypass

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.