PT-2020-1365 · Cisco · Cisco Data Center Network Manager

Published: 2020-01-02 · Updated: 2020-01-08 · CVE-2019-15982

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Cisco Data Center Network Manager (DCNM) versions prior to the fixed version

Description

The issue exists due to improper restriction of a pathname to a restricted directory in the Application Framework component of Cisco Data Center Network Manager (DCNM). This could allow a remote attacker to impact the confidentiality, integrity, and availability of protected information. Multiple vulnerabilities in the REST and SOAP API endpoints and the Application Framework feature could allow an authenticated, remote attacker with administrative privileges on the DCNM application to conduct directory traversal attacks on an affected device.

Recommendations

Update any version prior to the fixed version to the fixed version to resolve the issue. As a temporary workaround, consider restricting access to the Application Framework feature and the REST and SOAP API endpoints to minimize the risk of exploitation.

Fix

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2020-00313
CVE-2019-15982
ZDI-20-103

Affected Products

Cisco Data Center Network Manager