PT-2020-1432 · Cisco · Cisco Data Center Network Manager

Mr_Me +1 · Published 2020-01-02 · Updated 2020-01-08 · CVE-2019-15983

CVSS v2.0: 6.8 Medium

Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions
Cisco Data Center Network Manager (DCNM) (affected versions not specified)

Description
A vulnerability in the SOAP API of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to gain read access to information stored on an affected system. The vulnerability exists because the SOAP API improperly handles XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by inserting malicious XML content in an API request, for example one sent to the "/api" endpoint, through vulnerable parameters such as xmlContent. A successful exploit could allow the attacker to read arbitrary files from the affected device.

Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XXE


Weakness Enumeration

Related Identifiers

BDU:2020-00410
CVE-2019-15983
ZDI-20-114
ZDI-20-117
ZDI-20-119
ZDI-20-120

Affected Products

Cisco Data Center Network Manager