CVE-2019-15977

CVE Database · CVE-2019-15977

CVE-2019-15977

· HIGHModified

CVSS v3.1

7.5

EPSS

38.11%

Published

Jan 6, 2020

Modified

Nov 21, 2024

Public PoC / Exploit (2)

All weaponized →

Exploit-DBCisco Data Center Network Manager 11.2.1 - 'LanFabricImpl' Command Injection TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Weaknesses (CWE)

CWE-798CWE-798

Affected Products (1)

cisco · data_center_network_manager (up to 11.3\(1\))vulnerable

References (4)

http://packetstormsecurity.com/files/156242/Cisco-Data-Center-Network-Manager-11.2.1-Command-Injection.html

ExploitThird Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-auth-bypass

Vendor Advisory

http://packetstormsecurity.com/files/156242/Cisco-Data-Center-Network-Manager-11.2.1-Command-Injection.html

ExploitThird Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-auth-bypass

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs