CVE: CVE-2019-1621

Descrizione: A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to gain access to sensitive files on an affected device. The vulnerability is due to incorrect permissions settings on affected DCNM software. An attacker could exploit this vulnerability by connecting to the web-based management interface of an affected device and requesting specific URLs. A successful exploit could allow the attacker to download arbitrary files from the underlying filesystem of the affected device.

Vettore di attacco

Riferimenti esterni

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190626-dcnm-file-dwnld
• http://www.securityfocus.com/bid/108904
• https://seclists.org/bugtraq/2019/Jul/11
• http://packetstormsecurity.com/files/153546/Cisco-Data-Center-Network-Manager-11.1-1-Remote-Code-Execution.html
• http://seclists.org/fulldisclosure/2019/Jul/7

Prodotti interessati

• Cisco – Cisco Data Center Network Manager

Relazioni con altri prodotti

Produttore:Cisco
Prodotto: Cisco Data Center Network Manager
Anno: 2019
CWE: CWE-264
CVSS: 0.0

Ulteriori risorse disponibili

• Vulnerabilità scoperte nello stesso anno (2019)