Lucene search

CiscoCVE-2019-1619

HistoryJun 27, 2019 - 3:15 a.m.

CVE-2019-1619

2019-06-2703:15:09

CWE-798

CWE-284

cisco

web.nvd.nist.gov

118

cisco

dcnm

web-based

management interface

vulnerability

authentication bypass

cve-2019-1619

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.192

Percentile

96.4%

JSON

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability is due to improper session management on affected DCNM software. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to gain administrative access on the affected device.

Affected configurations

Nvd

Node

ciscodata_center_network_managerMatch10.4\(2\)

VendorProductVersionCPE
ciscodata_center_network_manager10.4(2)cpe:2.3:a:cisco:data_center_network_manager:10.4\(2\):*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	data_center_network_manager	10.4(2)	cpe:2.3:a:cisco:data_center_network_manager:10.4\(2\):::::::*

CNA Affected

[
  {
    "product": "Cisco Data Center Network Manager",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "11.1(1)",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]