CVE: CVE-2019-1620

Descrizione: A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to upload arbitrary files on an affected device. The vulnerability is due to incorrect permission settings in affected DCNM software. An attacker could exploit this vulnerability by uploading specially crafted data to the affected device. A successful exploit could allow the attacker to write arbitrary files on the filesystem and execute code with root privileges on the affected device.

Vettore di attacco

Riferimenti esterni

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190626-dcnm-codex
• http://www.securityfocus.com/bid/108906
• https://seclists.org/bugtraq/2019/Jul/11
• http://packetstormsecurity.com/files/153546/Cisco-Data-Center-Network-Manager-11.1-1-Remote-Code-Execution.html
• http://seclists.org/fulldisclosure/2019/Jul/7
• http://packetstormsecurity.com/files/154304/Cisco-Data-Center-Network-Manager-Unauthenticated-Remote-Code-Execution.html

Prodotti interessati

• Cisco – Cisco Data Center Network Manager

Relazioni con altri prodotti

Produttore:Cisco
Prodotto: Cisco Data Center Network Manager
Anno: 2019
CWE: CWE-264
CVSS: 0.0

Ulteriori risorse disponibili

• Vulnerabilità scoperte nello stesso anno (2019)