PT-2020-1391 · Cisco · Cisco Data Center Network Manager
Published
2020-01-02
·
Updated
2025-07-19
·
CVE-2019-15976
CVSS v3.1
10
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Cisco Data Center Network Manager (DCNM) (affected versions not specified)
Description
The issue concerns the authentication mechanisms of Cisco Data Center Network Manager (DCNM), where multiple vulnerabilities could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability is also related to the use of pre-installed registration data in the SOAP API interface of the system. Exploitation of the vulnerability may allow a remote attacker to perform arbitrary actions on a vulnerable device.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Using Hardcoded Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cisco Data Center Network Manager