Vulnerability CVE-2019-1622


Published: 2019-06-26   Modified: 2019-06-27

Description:
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. The vulnerability is due to improper access controls for certain URLs on affected DCNM software. An attacker could exploit this vulnerability by connecting to the web-based management interface of an affected device and requesting specific URLs. A successful exploit could allow the attacker to download log files and diagnostic information from the affected device.

See advisories in our WLB2 database:
Topic
Author
Date
High
Cisco Data Center Network Manager Unauthenticated Remote Code Execution
Pedro Ribeiro
03.09.2019
Med.
Cisco Data Center Network Manager Unauthenticated Remote Code Execution (Metasploit)
Pedro Ribeiro
20.09.2019

Type:

CWE-284

(Improper Access Control)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Cisco -> Data center network manager 

 References:
http://packetstormsecurity.com/files/153546/Cisco-Data-Center-Network-Manager-11.1-1-Remote-Code-Execution.html
http://seclists.org/fulldisclosure/2019/Jul/7
http://www.securityfocus.com/bid/108908
https://seclists.org/bugtraq/2019/Jul/11
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190626-dcnm-infodiscl

Copyright 2024, cxsecurity.com

 

Back to Top