Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-15999Improper Access Control in Cisco Data Center Network Manager

CWE-284Improper Access Control5 documents5 sources
Severity
6.3MEDIUMNVD
EPSS
3.2%
top 13.08%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Cisco Data Center Network ManagerCisco Data Center Network Manager
Timeline
PublishedJan 6
Latest updateMay 24

Description

A vulnerability in the application environment of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to gain unauthorized access to the JBoss Enterprise Application Platform (JBoss EAP) on an affected device. The vulnerability is due to an incorrect configuration of the authentication settings on the JBoss EAP. An attacker could exploit this vulnerability by authenticating with a specific low-privilege account. A successful exploit could allow the attacker to

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.4

Affected Packages2 packages

CVEListV5cisco/cisco_data_center_network_managerunspecifiedn/a

🔴Vulnerability Details

2
GHSA
GHSA-qq28-cqj6-ghfh: A vulnerability in the application environment of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to gain unaut2022-05-24
CVEList
Cisco Data Center Network Manager JBoss EAP Unauthorized Access Vulnerability2020-01-06

💥Exploits & PoCs

1
Exploit-DB
Cisco DCNM JBoss 10.4 - Credential Leakage2020-01-08

📋Vendor Advisories

1
Cisco
Cisco Data Center Network Manager JBoss EAP Unauthorized Access Vulnerability2020-01-02
CVE-2019-15999 — Improper Access Control in Cisco | cvebase