CVE-2019-1621

CVE Database · CVE-2019-1621

CVE-2019-1621

· HIGHModified

CVSS v3.1

7.5

EPSS

29.82%

Published

Jun 27, 2019

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to gain access to sensitive files on an affected device. The vulnerability is due to incorrect permissions settings on affected DCNM software. An attacker could exploit this vulnerability by connecting to the web-based management interface of an affected device and requesting specific URLs. A successful exploit could allow the attacker to download arbitrary files from the underlying filesystem of the affected device.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Weaknesses (CWE)

CWE-264CWE-22

Affected Products (1)

cisco · data_center_network_managervulnerable

References (10)

http://packetstormsecurity.com/files/153546/Cisco-Data-Center-Network-Manager-11.1-1-Remote-Code-Execution.html

Third Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2019/Jul/7

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/108904

Third Party AdvisoryVDB Entry

https://seclists.org/bugtraq/2019/Jul/11

Mailing ListThird Party Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190626-dcnm-file-dwnld

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs