|
|||
Rule General Information |
---|
Release Date: | 2020-04-14 | |
Rule Name: | Cisco Data Center Network Manager Unauthenticated File Download Vulnerability (CVE-2019-1621) | |
Severity: | ||
CVE ID: | ||
Rule Protection Details |
---|
Description: | A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to gain access to sensitive files on an affected device. The vulnerability is due to incorrect permissions settings on affected DCNM software. An attacker could exploit this vulnerability by connecting to the web-based management interface of an affected device and requesting specific URLs. A successful exploit could allow the attacker to download arbitrary files from the underlying filesystem of the affected device. | |
Impact: | An attacker could exploit this vulnerability to have unspecified effect. | |
Affected OS: | Windows, Network Device, Others | |
Reference: | SecurityFocusBID:108904 http://packetstormsecurity.com/files/153546/Cisco-Data-Center-Network-Manager-11.1-1-Remote-Code-Execution.html http://seclists.org/fulldisclosure/2019/Jul/7 https://seclists.org/bugtraq/2019/Jul/11 |
|
Solutions |
---|
The vendors have released upgrade patches to fix vulnerabilities, please visit: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190626-dcnm-file-dwnld |