CVE-2019-15980

Name of the Vulnerable Software and Affected Versions Cisco Data Center Network Manager (affected versions not specified)

Description The issue concerns multiple vulnerabilities in the REST and SOAP API endpoints and the Application Framework feature of Cisco Data Center Network Manager. These vulnerabilities could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device, potentially impacting the confidentiality, integrity, and availability of protected information. To exploit these vulnerabilities, an attacker would need administrative privileges on the DCNM application. The vulnerabilities are related to incorrect restriction of the path name to a directory with limited access.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.