Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-1622Improper Access Control in Cisco Data Center Network Manager

CWE-284Improper Access ControlCWE-532Log File Information Exposure7 documents7 sources
Severity
5.3MEDIUMNVD
EPSS
84.8%
top 0.65%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Cisco Data Center Network ManagerCisco Data Center Network Manager
Timeline
PublishedJun 27
Latest updateMay 24

Description

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. The vulnerability is due to improper access controls for certain URLs on affected DCNM software. An attacker could exploit this vulnerability by connecting to the web-based management interface of an affected device and requesting specific URLs. A successful exploit could allow the attacker to

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

CVEListV5cisco/cisco_data_center_network_managerunspecified11.2(1)

🔴Vulnerability Details

2
GHSA
GHSA-v74g-p98c-6q4p: A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to r2022-05-24
CVEList
Cisco Data Center Network Manager Information Disclosure Vulnerability2019-06-27

💥Exploits & PoCs

2
Exploit-DB
Cisco Data Center Network Manager - Unauthenticated Remote Code Execution (Metasploit)2019-09-03
Metasploit
Cisco Data Center Network Manager Unauthenticated Remote Code Execution

🔍Detection Rules

1
Suricata
ET EXPLOIT Possible Cisco Data Center Network Manager - Log Retrieval (CVE-2019-1622)2021-07-27

📋Vendor Advisories

1
Cisco
Cisco Data Center Network Manager Information Disclosure Vulnerability2019-06-26
CVE-2019-1622 — Improper Access Control in Cisco | cvebase