Vulnerability Details : CVE-2019-1621
Public exploit exists!
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to gain access to sensitive files on an affected device. The vulnerability is due to incorrect permissions settings on affected DCNM software. An attacker could exploit this vulnerability by connecting to the web-based management interface of an affected device and requesting specific URLs. A successful exploit could allow the attacker to download arbitrary files from the underlying filesystem of the affected device.
Vulnerability category: Directory traversal
Products affected by CVE-2019-1621
- cpe:2.3:a:cisco:data_center_network_manager:11.0\(1\):*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-1621
1.20%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 85 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2019-1621
-
Cisco Data Center Network Manager Unauthenticated File Download
Disclosure Date: 2019-06-26First seen: 2020-04-26auxiliary/admin/cisco/cisco_dcnm_downloadauxiliary/admin/cisco/cisco_dcnm_download DCNM exposes a servlet to download files on /fm/downloadServlet. An authenticated user can abuse this servlet to download arbitrary files as root by specifying the full path of the file. This module was tested on the DCNM Lin -
Cisco Data Center Network Manager Unauthenticated File Download
Disclosure Date: 2019-06-26First seen: 2020-07-16auxiliary/admin/networking/cisco_dcnm_downloadDCNM exposes a servlet to download files on /fm/downloadServlet. An authenticated user can abuse this servlet to download arbitrary files as root by specifying the full path of the file. This module was tested on the DCNM Linux virtual appliance 10.4(2), 11.0
CVSS scores for CVE-2019-1621
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
3.9
|
3.6
|
Cisco Systems, Inc. | |
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2019-1621
-
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.Assigned by: nvd@nist.gov (Primary)
-
Assigned by: ykramarz@cisco.com (Secondary)
References for CVE-2019-1621
-
https://seclists.org/bugtraq/2019/Jul/11
Bugtraq: Cisco Data Center Manager multiple vulns; RCE as rootMailing List;Third Party Advisory
-
http://packetstormsecurity.com/files/153546/Cisco-Data-Center-Network-Manager-11.1-1-Remote-Code-Execution.html
Cisco Data Center Network Manager 11.1(1) Remote Code Execution ≈ Packet StormThird Party Advisory;VDB Entry
-
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190626-dcnm-file-dwnld
Cisco Data Center Network Manager Arbitrary File Download VulnerabilityVendor Advisory
-
http://seclists.org/fulldisclosure/2019/Jul/7
Full Disclosure: Cisco Data Center Manager multiple vulns; RCE as rootMailing List;Third Party Advisory
-
http://www.securityfocus.com/bid/108904
Cisco Data Center Network Manager CVE-2019-1621 Arbitrary File Download VulnerabilityThird Party Advisory;VDB Entry
Jump to