CVE-2019-1620

CVE Database · CVE-2019-1620

CVE-2019-1620

· CRITICALModified

CVSS v3.1

9.8

EPSS

83.78%

Published

Jun 27, 2019

Modified

Nov 21, 2024

Public PoC / Exploit (2)

All weaponized →

Exploit-DBCisco Data Center Network Manager - Unauthenticated Remote Code Execution (Metasploit)TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to upload arbitrary files on an affected device. The vulnerability is due to incorrect permission settings in affected DCNM software. An attacker could exploit this vulnerability by uploading specially crafted data to the affected device. A successful exploit could allow the attacker to write arbitrary files on the filesystem and execute code with root privileges on the affected device.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-264CWE-22

Affected Products (1)

cisco · data_center_network_managervulnerable

References (12)

http://packetstormsecurity.com/files/153546/Cisco-Data-Center-Network-Manager-11.1-1-Remote-Code-Execution.html

Third Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/154304/Cisco-Data-Center-Network-Manager-Unauthenticated-Remote-Code-Execution.html

Third Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2019/Jul/7

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/108906

Third Party AdvisoryVDB Entry

https://seclists.org/bugtraq/2019/Jul/11

Mailing ListThird Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs