CVE-2019-15978

Published: Jan 6, 2020

Modified: Nov 15, 2024

PUBLISHED

CVSS v3.0

7.2

HIGH

Description

Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with administrative privileges on the DCNM application to inject arbitrary commands on the underlying operating system (OS). For more information about these vulnerabilities, see the Details section of this advisory. Note: The severity of these vulnerabilities is aggravated by the vulnerabilities described in the Cisco Data Center Network Manager Authentication Bypass Vulnerabilities advisory, published simultaneously with this one.

Vendor	Product	Versions
Cisco	Cisco Data Center Network Manager	affected `unspecified - < n/a`

Weaknesses (CWE)

CWE-78

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

References

20200102 Cisco Data Center Network Manager Command Injection Vulnerabilities

vendor-advisory

x_refsource_CISCO

http://packetstormsecurity.com/files/156242/Cisco-Data-Center-Network-Manager-11.2.1-Command-Injection.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-15978

Description

Affected Products

Weaknesses (CWE)

CVSS v3.0 Details

References