CVE-2019-1622

CVE Database · CVE-2019-1622

CVE-2019-1622

· MEDIUMModified

CVSS v3.1

5.3

EPSS

78.86%

Published

Jun 27, 2019

Modified

Nov 21, 2024

Public PoC / Exploit (2)

All weaponized →

Exploit-DBCisco Data Center Network Manager - Unauthenticated Remote Code Execution (Metasploit)TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. The vulnerability is due to improper access controls for certain URLs on affected DCNM software. An attacker could exploit this vulnerability by connecting to the web-based management interface of an affected device and requesting specific URLs. A successful exploit could allow the attacker to download log files and diagnostic information from the affected device.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Weaknesses (CWE)

CWE-284CWE-532

Affected Products (1)

cisco · data_center_network_managervulnerable

References (12)

http://packetstormsecurity.com/files/153546/Cisco-Data-Center-Network-Manager-11.1-1-Remote-Code-Execution.html

Third Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/154304/Cisco-Data-Center-Network-Manager-Unauthenticated-Remote-Code-Execution.html

Third Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2019/Jul/7

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/108908

Third Party AdvisoryVDB Entry

https://seclists.org/bugtraq/2019/Jul/11

Mailing ListThird Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs