CVE-2019-15980
Published: 2020-01-06
Priority P2 · 62 · high · 7.2 (CVSS 3.1)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS: 49.96% (98.8th percentile)
Multiple vulnerabilities in the REST and SOAP API endpoints and the Application Framework feature of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. To exploit these vulnerabilities, an attacker would need administrative privileges on the DCNM application. For more information about these vulnerabilities, see the Details section of this advisory. Note: The severity of these vulnerabilities is aggravated by the vulnerabilities described in the Cisco Data Center Network Manager Authentication Bypass Vulnerabilities advisory, published simultaneously with this one.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_data_center_network_manager | >= unspecified < n/a | n/a |
| cisco | data_center_network_manager | < 11.3\(1\) | 11.3\(1\) |
| cisco | data_center_network_manager_path | — | — |
Detection & IOCs
url: /ReportWSService/ReportWS
bytes: ..|2f|..|2f|
snort:
alert http any any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET EXPLOIT Cisco Data Center Network Manager Directory Traversal Inbound (CVE-2019-15980)"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/ReportWSService/ReportWS"; fast_pattern; http.request_body; content:"..|2f|..|2f|"; reference:url,www.exploit-db.com/exploits/48019; reference:cve,2019-15980; classtype:attempted-admin; sid:2033412; rev:2; metadata:created_at 2021_07_24, cve CVE_2019_15980, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_11_26, mitre_tactic_id TA0007, mitre_tactic_name Discovery, mitre_technique_id T1083, mitre_technique_name File_And_Directory_Discovery; target:dest_ip;)
- The directory traversal payload is delivered via HTTP POST to the SOAP endpoint /ReportWSService/ReportWS; monitor for POST requests to this URI containing URL-encoded traversal sequences (..%2f..%2f or ..|2f|..|2f|) in the request body.
- The vulnerability affects REST and SOAP API endpoints as well as the Application Framework feature of Cisco DCNM; monitor all three attack surfaces for path traversal patterns.
- Severity is aggravated by simultaneous authentication bypass vulnerabilities in DCNM; chain detection for auth bypass (unauthenticated access) followed by path traversal activity.
- Snort/Suricata SID 2033412 (ET ruleset) provides a high-confidence, perimeter and internal deployment signature for this CVE.
- Exploitation requires administrative privileges on the DCNM application under normal conditions; however, this requirement is effectively lowered when chained with the concurrent authentication bypass vulnerabilities.
- There are no workarounds available; only vendor-supplied software updates remediate these vulnerabilities.
- Three distinct Cisco bug IDs are tracked for this vulnerability family, indicating multiple affected code paths across DCNM components.
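The three conditions of SID 2033412, re-expressed as a triage function over raw HTTP requests (an added example, not part of the ET ruleset or of Cisco's advisory). `|2f|` is Suricata hex notation for the byte `/`, so the rule itself matches literal `../../`; the percent-decoding pass, the host name `dcnm.example` and the sample bodies are assumptions constructed for this example.

```python
from urllib.parse import unquote

ENDPOINT = "/ReportWSService/ReportWS"  # http.uri content in SID 2033412
LITERAL = b"../../"  # "..|2f|..|2f|": |2f| is hex notation for byte 0x2f, '/'

def parse_request(raw: bytes):
    """Split a raw HTTP/1.x request into (method, uri, body); None if malformed."""
    head, _, body = raw.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n", 1)[0].decode("latin-1").split(" ")
    if len(parts) != 3:
        return None
    return parts[0], parts[1], body

def classify(raw: bytes):
    """Return 'rule-match', 'encoded-variant' or None for one request."""
    parsed = parse_request(raw)
    if parsed is None:
        return None
    method, uri, body = parsed
    if method != "POST" or ENDPOINT not in uri:
        return None
    if LITERAL in body:  # same three conditions as the rule
        return "rule-match"
    # Beyond the rule (assumption): percent-decode up to twice so that
    # ..%2f..%2f and ..%252f..%252f are also surfaced for review.
    text = body.decode("latin-1")
    for _ in range(2):
        text = unquote(text)
        if "../../" in text:
            return "encoded-variant"
    return None

def build(method, uri, body):
    """Constructed sample request; bodies are placeholders, not real DCNM SOAP calls."""
    head = f"{method} {uri} HTTP/1.1\r\nHost: dcnm.example\r\nContent-Length: {len(body)}\r\n\r\n"
    return head.encode() + body

SAMPLES = {
    "literal": build("POST", ENDPOINT, b"<v>../../constructed/sample</v>"),
    "encoded": build("POST", ENDPOINT, b"<v>..%2f..%2fconstructed</v>"),
    "double": build("POST", ENDPOINT, b"<v>..%252f..%252fconstructed</v>"),
    "benign": build("POST", ENDPOINT, b"<v>monthly-report</v>"),
    "other_uri": build("POST", "/health", b"<v>../../constructed</v>"),
    "get": build("GET", ENDPOINT, b"<v>../../constructed</v>"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:10} -> {classify(raw)}")
```

Requests classified as `encoded-variant` would not fire the rule as written, which is why they are reported under a separate label.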
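CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| nvd | v3.0 | 7.2 | HIGH | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.0 | CRITICAL | AV:N/AC:L/Au:S/C:C/I:C/A:C |
| vendor_cisco | — | 7.2 | HIGH | — |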
Cisco
Cisco Data Center Network Manager Path Traversal Vulnerabilities
vendor_cisco·2020-01-02·CVSS 7.2
CVE-2019-15980 [HIGH] CWE-22 Cisco Data Center Network Manager Path Traversal Vulnerabilities
Cisco has released software updates that address these vulnerabi
Cisco
Cisco Data Center Network Manager Path Traversal Vulnerabilities
vendor_cisco·CVSS 3.0
CVSS: 3.0
CWE: CWE-22
Bug IDs: CSCvq85957, CSCvq85972, CSCvq85998
GHSA
GHSA-78x8-3xhw-vmmq: Multiple vulnerabilities in the REST and SOAP API endpoints and the Application Framework feature of Cisco Data Center Network Manager (DCNM) could al
ghsa_unreviewed·2022-05-24
Suricata
ET EXPLOIT Cisco Data Center Network Manager Directory Traversal Inbound (CVE-2019-15980)
suricata·2021-07-24·CVSS 7.2
No public exploits indexed.
2020-01-06
Published