CVE-2019-15979

Name of the Vulnerable Software and Affected Versions Cisco Data Center Network Manager (DCNM) (affected versions not specified)

Description The issue concerns multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM), allowing an authenticated, remote attacker with administrative privileges to inject arbitrary commands on the underlying operating system. This is due to the lack of measures to neutralize special elements used in the operating system command. Exploitation could enable a remote attacker to execute arbitrary commands in the host operating system by sending a specially crafted malicious request.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.