CVE-2019-15977
Cisco Data Center Network Manager Authentication Bypass Vulnerabilities
In short
Cisco Data Center Network Manager has a flaw that lets hackers bypass login requirements and take full control of the system remotely without needing valid credentials. This is critical because attackers can perform any administrative action they want.
Technical detail
Multiple authentication bypass vulnerabilities in Cisco DCNM (CWE-798: hardcoded credentials or weak authentication) allow unauthenticated remote attackers to gain administrative privileges. The attack vector is network-based with no user interaction required; successful exploitation results in complete system compromise with administrative access.
Summary generated and translated by AI from the official description.
Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Cisco · Cisco Data Center Network Managerpublic PoCs found — 2
cve_referencepacketstormsecurity.com/files/156242/Cisco-Data-Center-Network-Manager-11.2.1-Command-Injection.htmlunverifiedexploitdbwww.exploit-db.com/exploits/48020unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →