Vulnerability Details : CVE-2019-1619
Public exploit exists!
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability is due to improper session management on affected DCNM software. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to gain administrative access on the affected device.
Vulnerability category: BypassGain privilege
Exploit prediction scoring system (EPSS) score for CVE-2019-1619
19.19%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 96 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2019-1619
-
Cisco Data Center Network Manager Unauthenticated File Download
Disclosure Date: 2019-06-26First seen: 2020-04-26auxiliary/admin/cisco/cisco_dcnm_downloadauxiliary/admin/cisco/cisco_dcnm_download DCNM exposes a servlet to download files on /fm/downloadServlet. An authenticated user can abuse this servlet to download arbitrary files as root by specifying the full path of the file. This module was tested on the DCNM Lin -
Cisco Data Center Network Manager Unauthenticated File Download
Disclosure Date: 2019-06-26First seen: 2020-07-16auxiliary/admin/networking/cisco_dcnm_downloadDCNM exposes a servlet to download files on /fm/downloadServlet. An authenticated user can abuse this servlet to download arbitrary files as root by specifying the full path of the file. This module was tested on the DCNM Linux virtual appliance 10.4(2), 11.0 -
Cisco Data Center Network Manager Unauthenticated Remote Code Execution
Disclosure Date: 2019-06-26First seen: 2020-04-26exploit/multi/http/cisco_dcnm_upload_2019DCNM exposes a file upload servlet (FileUploadServlet) at /fm/fileUpload. An authenticated user can abuse this servlet to upload a WAR to the Apache Tomcat webapps directory and achieve remote code execution as root. This module exploits two other vulnerabilities, CV
CVSS scores for CVE-2019-1619
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
Cisco Systems, Inc. | |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2019-1619
-
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.Assigned by: ykramarz@cisco.com (Secondary)
-
The product contains hard-coded credentials, such as a password or cryptographic key.Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-1619
-
https://seclists.org/bugtraq/2019/Jul/11
Bugtraq: Cisco Data Center Manager multiple vulns; RCE as rootMailing List;Third Party Advisory
-
http://packetstormsecurity.com/files/153546/Cisco-Data-Center-Network-Manager-11.1-1-Remote-Code-Execution.html
Cisco Data Center Network Manager 11.1(1) Remote Code Execution ≈ Packet StormThird Party Advisory;VDB Entry
-
http://www.securityfocus.com/bid/108902
Cisco Data Center Network Manager CVE-2019-1619 Authentication Bypass VulnerabilityThird Party Advisory;VDB Entry
-
http://seclists.org/fulldisclosure/2019/Jul/7
Full Disclosure: Cisco Data Center Manager multiple vulns; RCE as rootMailing List;Third Party Advisory
-
http://packetstormsecurity.com/files/154304/Cisco-Data-Center-Network-Manager-Unauthenticated-Remote-Code-Execution.html
Cisco Data Center Network Manager Unauthenticated Remote Code Execution ≈ Packet StormThird Party Advisory;VDB Entry
-
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190626-dcnm-bypass
Cisco Data Center Network Manager Authentication Bypass VulnerabilityVendor Advisory
Products affected by CVE-2019-1619
- cpe:2.3:a:cisco:data_center_network_manager:10.4\(2\):*:*:*:*:*:*:*