CVE-2019-15999
published 2020-01-06CVE-2019-15999: A vulnerability in the application environment of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to gain unauthorized…
PriorityP348medium6.3CVSS 3.1
AVNACLPRLUINSUCLILAL
EXPLOIT
EPSS
3.65%
88.2th percentile
A vulnerability in the application environment of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to gain unauthorized access to the JBoss Enterprise Application Platform (JBoss EAP) on an affected device. The vulnerability is due to an incorrect configuration of the authentication settings on the JBoss EAP. An attacker could exploit this vulnerability by authenticating with a specific low-privilege account. A successful exploit could allow the attacker to gain unauthorized access to the JBoss EAP, which should be limited to internal system accounts.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_data_center_network_manager | >= unspecified < n/a | n/a |
| cisco | data_center_network_manager | < 11.3\(1\) | 11.3\(1\) |
| cisco | data_center_network_manager_jboss_eap_unauthorized_access | — | — |
CVSS provenance
nvdv3.16.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
nvdv3.05.4MEDIUMCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
nvdv2.04.0MEDIUMAV:N/AC:L/Au:S/C:P/I:N/A:N
vendor_cisco5.4MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Cisco
Cisco Data Center Network Manager JBoss EAP Unauthorized Access Vulnerability
vendor_cisco·2020-01-02·CVSS 5.4
CVE-2019-15999 [MEDIUM] CWE-284 Cisco Data Center Network Manager JBoss EAP Unauthorized Access Vulnerability
Cisco Data Center Network Manager JBoss EAP Unauthorized Access Vulnerability
A vulnerability in the application environment of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to gain unauthorized access to the JBoss Enterprise Application Platform (JBoss EAP) on an affected device.
The vulnerability is due to an incorrect configuration of the authentication settings on the JBoss EAP. An attacker could exploit this vulnerability by authenticating with a specific low-privilege account. A successful exploit could allow the attacker to gain unauthorized access to the JBoss EAP, which should be limited to internal system accounts.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability
Cisco
Cisco Data Center Network Manager JBoss EAP Unauthorized Access Vulnerability
vendor_cisco·CVSS 3.0
CVE-2019-15999 Cisco Data Center Network Manager JBoss EAP Unauthorized Access Vulnerability
CVE-2019-15999: Cisco Data Center Network Manager JBoss EAP Unauthorized Access Vulnerability
A vulnerability in the application environment of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to gain unauthorized access to the JBoss Enterprise Application Platform (JBoss EAP) on an affected device. The vulnerability is due to an incorrect configuration of the authentication settings on the JBoss EAP. An attacker could exploit this vulnerability by authenticating with a specific low-privilege account. A successful exploit could allow the attacker to gain unauthorized access to the JBoss EAP, which should be limited to internal system accounts. Cisco has released software updates that address this vulnerability. There are no
CVSS: 3.0
CWE: CWE-284, CWE-
GHSA
GHSA-qq28-cqj6-ghfh: A vulnerability in the application environment of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to gain unaut
ghsa_unreviewed·2022-05-24
CVE-2019-15999 [MEDIUM] GHSA-qq28-cqj6-ghfh: A vulnerability in the application environment of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to gain unaut
A vulnerability in the application environment of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to gain unauthorized access to the JBoss Enterprise Application Platform (JBoss EAP) on an affected device. The vulnerability is due to an incorrect configuration of the authentication settings on the JBoss EAP. An attacker could exploit this vulnerability by authenticating with a specific low-privilege account. A successful exploit could allow the attacker to gain unauthorized access to the JBoss EAP, which should be limited to internal system accounts.
No detection rules found.
http://packetstormsecurity.com/files/155870/Cisco-DCNM-JBoss-10.4-Credential-Leakage.htmlhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-unauth-accesshttp://packetstormsecurity.com/files/155870/Cisco-DCNM-JBoss-10.4-Credential-Leakage.htmlhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-unauth-access
2020-01-06
Published