CVE-2019-15975
Cisco Data Center Network Manager Authentication Bypass Vulnerabilities
In short
Cisco Data Center Network Manager has a critical flaw that allows attackers from the internet to bypass login security and take complete administrative control of the system without needing valid credentials.
Technical detail
Multiple authentication bypass vulnerabilities in Cisco DCNM allow unauthenticated remote attackers to circumvent authentication mechanisms (CWE-798: Use of Hard-Coded Credentials) and execute arbitrary administrative actions. The attack requires network access to the affected device but no prior authentication or user interaction, resulting in complete system compromise.
Summary generated and translated by AI from the official description.
Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Cisco · Cisco Data Center Network Managerpublic PoCs found — 2
cve_referencepacketstormsecurity.com/files/156238/Cisco-Data-Center-Network-Manager-11.2-Remote-Code-Execution.htmlunverifiedexploitdbwww.exploit-db.com/exploits/48018unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →