Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
10
CVSSv2

CVE-2019-15975

Published: 06/01/2020 Updated: 03/02/2023
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Cisco

Vulnerability Summary

Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote malicious user to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

cisco data center network manager

Vendor Advisories

Cisco: Cisco Data Center Network Manager Authentication Bypass Vulnerabilities
Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device For more information about these vulnerabilities, see the Details section of this advisory ...

Exploits

Exploit DB: Cisco Data Center Network Manager 11.2 Remote Code Execution
Cisco Data Center Network Manager version 112 remote code execution exploit ...

Recent Articles

New year, new critical Cisco patches to install – this time for a dirty dozen of bugs that can be exploited to sidestep auth, inject commands, etc
The Register • Shaun Nichols in San Francisco • 03 Jan 2020

Data Center Network Manager bugapalooza with three must-fix flaws Cisco slips on a Tolkien ring: One chip design to rule them all, one design to find them. One design to bring them all...

Cisco is kicking off 2020 with the release of a crop of patches for its Data Center Network Manager. The updates address a total of 12 CVE-listed patches and range in severity from moderate to critical, though should all be patched regardless of rating. Nearly all were found within the REST and SOAP APIs. The immediate priority should be cleaning up CVE-201915975, CVE-201915976, and CVE-201915975, a trio of authentication bypass bugs that can be exploited remotely without authentication. The thr...

Read more...

References

CWE-798https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-auth-bypasshttp://packetstormsecurity.com/files/156238/Cisco-Data-Center-Network-Manager-11.2-Remote-Code-Execution.htmlhttps://nvd.nist.govhttps://www.theregister.co.uk/2020/01/03/critical_cisco_patches/https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-auth-bypass
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
deserializationCVE-2024-4040cross-site scriptingCVE-2023-25790CVE-2024-2961XML external entityCVE-2024-26926CVE-2024-32806CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook