PT-2019-2508 · Cisco · Cisco Data Center Network Manager

Pedro Ribeiro

Published

2019-06-26

Updated

2020-10-06

CVE-2019-1619

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Cisco Data Center Network Manager (DCNM) (affected versions not specified)

Description A vulnerability in the web-based management interface of Cisco Data Center Network Manager could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The issue is due to improper session management on affected DCNM software. An attacker could exploit this by sending a crafted HTTP request to the affected device, potentially gaining administrative access.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Access Control

Using Hardcoded Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-798

Related Identifiers

BDU:2019-02351

CVE-2019-1619

Affected Products

Cisco Data Center Network Manager

PT-2019-2508 · Cisco · Cisco Data Center Network Manager

CVE-2019-1619

Weakness Enumeration

Related Identifiers

Affected Products

References · 13