Vulnerability Details : CVE-2019-15976
Potential exploit
Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Products affected by CVE-2019-15976
- cpe:2.3:a:cisco:data_center_network_manager:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-15976
11.15%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 93 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-15976
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST | |
|
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
Cisco Systems, Inc. | |
|
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2019-15976
-
The product contains hard-coded credentials, such as a password or cryptographic key.Assigned by:
- nvd@nist.gov (Primary)
- ykramarz@cisco.com (Secondary)
References for CVE-2019-15976
-
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-auth-bypass
Cisco Data Center Network Manager Authentication Bypass VulnerabilitiesVendor Advisory
-
http://packetstormsecurity.com/files/156239/Cisco-Data-Center-Network-Manager-11.2.1-SQL-Injection.html
Cisco Data Center Network Manager 11.2.1 SQL Injection ≈ Packet StormExploit;Third Party Advisory;VDB Entry
Jump to