CVE-2019-1621Path Traversal in Cisco Data Center Network Manager

CWE-264CWE-22Path Traversal4 documents4 sources
Severity
7.5HIGHNVD
EPSS
60.2%
top 1.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Data Center Network ManagerCisco Data Center Network Manager
Timeline
PublishedJun 27
Latest updateMay 24

Description

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to gain access to sensitive files on an affected device. The vulnerability is due to incorrect permissions settings on affected DCNM software. An attacker could exploit this vulnerability by connecting to the web-based management interface of an affected device and requesting specific URLs. A successful exploit could allow the attacker to download arbi

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5cisco/cisco_data_center_network_managerunspecified11.2(1)

🔴Vulnerability Details

2
GHSA
GHSA-cgcp-2f46-m8g4: A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to g2022-05-24
CVEList
Cisco Data Center Network Manager Arbitrary File Download Vulnerability2019-06-27

📋Vendor Advisories

1
Cisco
Cisco Data Center Network Manager Arbitrary File Download Vulnerability2019-06-26
CVE-2019-1621 — Path Traversal in Cisco | cvebase