Detections
Analytics

Cisco DCNM Authentication Bypass (CVE-2019-15977)

high Nessus Plugin ID 133078

Language:

Synopsis

A web application running on the remote host contains an authentication bypass vulnerability.

Description

The version of Cisco Data Center Network Manager (DCNM) running on the remote web server is affected by an authentication bypass vulnerability that can lead to information disclosure. An unauthenticated, remote attacker can exploit this issue, by logging into specific sections of the web management interface with hardcoded credentials. The information revealed through this vulnerability may be used in combination with other vulnerabilities to achieve remote code execution.

Solution

Upgrade to Cisco Data Center Network Manager version 11.3(1) or later.

See Also

http://www.nessus.org/u?0dee461d

http://www.nessus.org/u?7295287f

Plugin Details

Severity: High

ID: 133078

File Name: cisco_dcnm_cve-2019-15977.nasl

Version: 1.10

Type: remote

Family: CGI abuses

Published: 1/20/2020

Updated: 12/5/2022

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

CVSS Score Source: CVE-2019-15977

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:cisco:data_center_network_manager

Required KB Items: installed_sw/cisco_dcnm_web

Excluded KB Items: global_settings/supplied_logins_only

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/25/2019

Vulnerability Publication Date: 1/2/2019

Reference Information

CVE: CVE-2019-15977