CVE-2019-15999

Cisco Data Center Network Manager JBoss EAP Unauthorized Access Vulnerability

CVSS 5.4 MEDIUMEPSS 3.6%CWE-284

A vulnerability in the application environment of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to gain unauthorized access to the JBoss Enterprise Application Platform (JBoss EAP) on an affected device. The vulnerability is due to an incorrect configuration of the authentication settings on the JBoss EAP. An attacker could exploit this vulnerability by authenticating with a specific low-privilege account. A successful exploit could allow the attacker to gain unauthorized access to the JBoss EAP, which should be limited to internal system accounts.

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Produtos afetados

Cisco · Cisco Data Center Network Manager

PoCs públicas encontradas — 2

cve_referencepacketstormsecurity.com/files/155870/Cisco-DCNM-JBoss-10.4-Credential-Leakage.htmlnão verificado exploitdbwww.exploit-db.com/exploits/47885não verificado

⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

http://packetstormsecurity.com/files/155870/Cisco-DCNM-JBoss-10.4-Credential-Leakage.html https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-unauth-access