Cisco Data Center Network Manager vulnerabilities

CVE-2019-15981 [HIGH] CWE-22 CVE-2019-15981: Multiple vulnerabilities in the REST and SOAP API endpoints and the Application Framework feature of Multiple vulnerabilities in the REST and SOAP API endpoints and the Application Framework feature of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. To exploit these vulnerabilities, an attacker would need administrative privileges on the DCNM applicati

CVE-2019-15980 [HIGH] CWE-22 CVE-2019-15980: Multiple vulnerabilities in the REST and SOAP API endpoints and the Application Framework feature of Multiple vulnerabilities in the REST and SOAP API endpoints and the Application Framework feature of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. To exploit these vulnerabilities, an attacker would need administrative privileges on the DCNM applicati

CVE-2019-15982 [HIGH] CWE-22 CVE-2019-15982: Multiple vulnerabilities in the REST and SOAP API endpoints and the Application Framework feature of Multiple vulnerabilities in the REST and SOAP API endpoints and the Application Framework feature of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. To exploit these vulnerabilities, an attacker would need administrative privileges on the DCNM applicati

CVE-2019-15979 [HIGH] CWE-78 CVE-2019-15979: Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DC Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with administrative privileges on the DCNM application to inject arbitrary commands on the underlying operating system (OS). For more information about these vulnerabilities, see the Details section of th

CVE-2019-15978 [HIGH] CWE-78 CVE-2019-15978: Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DC Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with administrative privileges on the DCNM application to inject arbitrary commands on the underlying operating system (OS). For more information about these vulnerabilities, see the Details section of th

CVE-2019-15983 [MEDIUM] CWE-611 CVE-2019-15983: A vulnerability in the SOAP API of Cisco Data Center Network Manager (DCNM) could allow an authentic A vulnerability in the SOAP API of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. To exploit this vulnerability, an attacker would need administrative privileges on the DCNM application. The vulnerability exists because the SOAP API impro

CVE-2019-15999 [MEDIUM] CWE-284 CVE-2019-15999: A vulnerability in the application environment of Cisco Data Center Network Manager (DCNM) could all A vulnerability in the application environment of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to gain unauthorized access to the JBoss Enterprise Application Platform (JBoss EAP) on an affected device. The vulnerability is due to an incorrect configuration of the authentication settings on the JBoss EAP. An

CVE-2019-1620 [CRITICAL] CWE-264 CVE-2019-1620: A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) co A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to upload arbitrary files on an affected device. The vulnerability is due to incorrect permission settings in affected DCNM software. An attacker could exploit this vulnerability by uploading specially cra

CVE-2019-1619 [CRITICAL] CWE-284 CVE-2019-1619: A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) co A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability is due to improper session management on affected DCNM software. An attacker c

CVE-2019-1621 [HIGH] CWE-264 CVE-2019-1621: A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) co A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to gain access to sensitive files on an affected device. The vulnerability is due to incorrect permissions settings on affected DCNM software. An attacker could exploit this vulnerability by connecting to the

CVE-2019-1622 [MEDIUM] CWE-284 CVE-2019-1622: A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) co A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. The vulnerability is due to improper access controls for certain URLs on affected DCNM software. An attacker could exploit this vulnerability by con

CVE-2018-0464 [HIGH] CWE-22 CVE-2018-0464: A vulnerability in Cisco Data Center Network Manager software could allow an authenticated, remote a A vulnerability in Cisco Data Center Network Manager software could allow an authenticated, remote attacker to conduct directory traversal attacks and gain access to sensitive files on the targeted system. The vulnerability is due to improper validation of user requests within the management interface. An attacker could exploit this vulnerability by send

CVE-2018-0440 [HIGH] CWE-264 CVE-2018-0440: A vulnerability in the web interface of Cisco Data Center Network Manager could allow an authenticat A vulnerability in the web interface of Cisco Data Center Network Manager could allow an authenticated application administrator to execute commands on the underlying operating system with root-level privileges. The vulnerability is due to incomplete input validation of user input within an HTTP request. An attacker could exploit this vulnerability by a

CVE-2018-0450 [MEDIUM] CWE-79 CVE-2018-0450: A vulnerability in the web-based management interface of Cisco Data Center Network Manager could all A vulnerability in the web-based management interface of Cisco Data Center Network Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the management interface on an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management

CVE-2018-0210 [HIGH] CWE-352 CVE-2018-0210: A vulnerability in the web-based management interface of Cisco Data Center Network Manager could allow an unauthenticated, remote attacker to conduct A vulnerability in the web-based management interface of Cisco Data Center Network Manager could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections on