Vulnerability Details : CVE-2019-1620
Public exploit exists!
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to upload arbitrary files on an affected device. The vulnerability is due to incorrect permission settings in affected DCNM software. An attacker could exploit this vulnerability by uploading specially crafted data to the affected device. A successful exploit could allow the attacker to write arbitrary files on the filesystem and execute code with root privileges on the affected device.
Vulnerability category: Directory traversalExecute code
Products affected by CVE-2019-1620
- cpe:2.3:a:cisco:data_center_network_manager:11.0\(1\):*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-1620
42.47%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 97 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2019-1620
-
Cisco Data Center Network Manager Unauthenticated Remote Code Execution
Disclosure Date: 2019-06-26First seen: 2020-04-26exploit/multi/http/cisco_dcnm_upload_2019DCNM exposes a file upload servlet (FileUploadServlet) at /fm/fileUpload. An authenticated user can abuse this servlet to upload a WAR to the Apache Tomcat webapps directory and achieve remote code execution as root. This module exploits two other vulnerabilities, CV
CVSS scores for CVE-2019-1620
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST | |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
Cisco Systems, Inc. | |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2019-1620
-
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.Assigned by: nvd@nist.gov (Primary)
-
Assigned by: ykramarz@cisco.com (Secondary)
References for CVE-2019-1620
-
https://seclists.org/bugtraq/2019/Jul/11
Bugtraq: Cisco Data Center Manager multiple vulns; RCE as rootMailing List;Third Party Advisory
-
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190626-dcnm-codex
Cisco Data Center Network Manager Arbitrary File Upload and Remote Code Execution VulnerabilityVendor Advisory
-
http://packetstormsecurity.com/files/153546/Cisco-Data-Center-Network-Manager-11.1-1-Remote-Code-Execution.html
Cisco Data Center Network Manager 11.1(1) Remote Code Execution ≈ Packet StormThird Party Advisory;VDB Entry
-
http://seclists.org/fulldisclosure/2019/Jul/7
Full Disclosure: Cisco Data Center Manager multiple vulns; RCE as rootMailing List;Third Party Advisory
-
http://packetstormsecurity.com/files/154304/Cisco-Data-Center-Network-Manager-Unauthenticated-Remote-Code-Execution.html
Cisco Data Center Network Manager Unauthenticated Remote Code Execution ≈ Packet StormThird Party Advisory;VDB Entry
-
http://www.securityfocus.com/bid/108906
Cisco Data Center Network Manager CVE-2019-1620 Multiple Security VulnerabilitiesThird Party Advisory;VDB Entry
Jump to