Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-15976Hard-coded Credentials in Cisco Data Center Network Manager

CWE-798Hard-coded Credentials7 documents7 sources
Severity
9.8CRITICALNVD
EPSS
43.0%
top 2.51%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Cisco Data Center Network ManagerCisco Data Center Network Manager
Timeline
PublishedJan 6
Latest updateMay 24

Description

Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

CVEListV5cisco/cisco_data_center_network_managerunspecifiedn/a

🔴Vulnerability Details

2
GHSA
GHSA-v89m-36f9-6rp4: Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker2022-05-24
CVEList
Cisco Data Center Network Manager Authentication Bypass Vulnerabilities2020-01-06

💥Exploits & PoCs

1
Exploit-DB
Cisco Data Center Network Manager 11.2.1 - 'getVmHostData' SQL Injection2020-02-06

🔍Detection Rules

1
Suricata
ET EXPLOIT Cisco Data Center Network Manager Authentication Bypass Inbound (CVE-2019-15976)2021-07-24

📋Vendor Advisories

1
Cisco
Cisco Data Center Network Manager Authentication Bypass Vulnerabilities2020-01-02
CVE-2019-15976 — Hard-coded Credentials in Cisco | cvebase