PT-2020-1392 · Cisco · Cisco Data Center Network Manager

Published

2020-01-02

Updated

2023-02-03

CVE-2019-15975

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Cisco Data Center Network Manager (DCNM) (affected versions not specified)

Description The issue concerns the authentication mechanisms of Cisco Data Center Network Manager (DCNM), where multiple vulnerabilities could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. Specifically, the vulnerability is related to the REST API interface and the use of hard-coded registration data, which could enable a remote attacker to perform arbitrary actions on a vulnerable device.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Using Hardcoded Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-798

Related Identifiers

BDU:2020-00343

CVE-2019-15975

ZDI-20-003

Affected Products

Cisco Data Center Network Manager

PT-2020-1392 · Cisco · Cisco Data Center Network Manager

CVE-2019-15975

Weakness Enumeration

Related Identifiers

Affected Products

References · 8