CVE-2019-15976
Cisco Data Center Network Manager Authentication Bypass Vulnerabilities
In short
Cisco Data Center Network Manager has critical flaws that let remote attackers skip login and gain full administrative control without any credentials. This is dangerous because attackers can take over the entire network management system from the internet.
Technical detail
Multiple authentication bypass vulnerabilities in Cisco DCNM allow unauthenticated remote attackers to execute arbitrary administrative actions. The attack requires network access to the affected DCNM instance but no prior credentials or user interaction; successful exploitation grants full administrative privileges over the managed network infrastructure.
Summary generated and translated by AI from the official description.
Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Cisco · Cisco Data Center Network Managerpublic PoCs found — 2
cve_referencepacketstormsecurity.com/files/156239/Cisco-Data-Center-Network-Manager-11.2.1-SQL-Injection.htmlunverifiedexploitdbwww.exploit-db.com/exploits/48019unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →