Sign-up

ID

VAR-202001-0500


CVE

CVE-2019-15999


TITLE

Cisco Data Center Network Manager Vulnerable to unauthorized authentication

Trust: 0.8

sources: JVNDB: JVNDB-2019-014043

DESCRIPTION

A vulnerability in the application environment of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to gain unauthorized access to the JBoss Enterprise Application Platform (JBoss EAP) on an affected device. The vulnerability is due to an incorrect configuration of the authentication settings on the JBoss EAP. An attacker could exploit this vulnerability by authenticating with a specific low-privilege account. A successful exploit could allow the attacker to gain unauthorized access to the JBoss EAP, which should be limited to internal system accounts. Cisco Data Center Network Manager (DCNM) Contains an incorrect authentication vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. The system is available for Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting functions

Trust: 2.34

sources: NVD: CVE-2019-15999 // JVNDB: JVNDB-2019-014043 // CNVD: CNVD-2020-00286 // VULHUB: VHN-148101 // VULMON: CVE-2019-15999

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-00286

AFFECTED PRODUCTS

vendor:ciscomodel:data center network managerscope:ltversion:11.3\(1\)

Trust: 1.0

vendor:ciscomodel:data center network managerscope: - version: -

Trust: 0.8

vendor:ciscomodel:data center network managerscope:ltversion:11.3(1)

Trust: 0.6

sources: CNVD: CNVD-2020-00286 // JVNDB: JVNDB-2019-014043 // NVD: CVE-2019-15999

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-15999
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-15999
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-15999
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-00286
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202001-022
value: MEDIUM

Trust: 0.6

VULHUB: VHN-148101
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-15999
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-15999
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2020-00286
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-148101
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-15999
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 3.4
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2019-15999
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.5
version: 3.0

Trust: 1.0

NVD: CVE-2019-15999
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-00286 // VULHUB: VHN-148101 // VULMON: CVE-2019-15999 // JVNDB: JVNDB-2019-014043 // CNNVD: CNNVD-202001-022 // NVD: CVE-2019-15999 // NVD: CVE-2019-15999

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-284

Trust: 1.0

problemtype:CWE-863

Trust: 0.9

sources: VULHUB: VHN-148101 // JVNDB: JVNDB-2019-014043 // NVD: CVE-2019-15999

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202001-022

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202001-022

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-014043

PATCH
title:cisco-sa-20200102-dcnm-unauth-accessurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-unauth-access
Trust: 0.8
title:Patch for Cisco Data Center Network Manager JBoss EAP Unauthorized Access Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/195947
Trust: 0.6
title:Cisco Data Center Network Manager Fixes for access control error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=106169
Trust: 0.6
title:Cisco: Cisco Data Center Network Manager JBoss EAP Unauthorized Access Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20200102-dcnm-unauth-access
Trust: 0.1
title:The Registerurl:https://www.theregister.co.uk/2020/01/03/critical_cisco_patches/
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-00286 // 
            
            
            
            VULMON: CVE-2019-15999 // 
            
            
            
            JVNDB: JVNDB-2019-014043 // 
            
            
            
            CNNVD: CNNVD-202001-022

EXTERNAL IDS
db:NVDid:CVE-2019-15999
Trust: 3.2
db:PACKETSTORMid:155870
Trust: 1.8
db:JVNDBid:JVNDB-2019-014043
Trust: 0.8
db:CNNVDid:CNNVD-202001-022
Trust: 0.7
db:CNVDid:CNVD-2020-00286
Trust: 0.6
db:AUSCERTid:ESB-2020.0035
Trust: 0.6
db:EXPLOIT-DBid:47885
Trust: 0.6
db:VULHUBid:VHN-148101
Trust: 0.1
db:VULMONid:CVE-2019-15999
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-00286 // 
            
            
            
            VULHUB: VHN-148101 // 
            
            
            
            VULMON: CVE-2019-15999 // 
            
            
            
            JVNDB: JVNDB-2019-014043 // 
            
            
            
            CNNVD: CNNVD-202001-022 // 
            
            
            
            NVD: CVE-2019-15999

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20200102-dcnm-unauth-access
Trust: 3.0
url:http://packetstormsecurity.com/files/155870/cisco-dcnm-jboss-10.4-credential-leakage.html
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2019-15999
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15999
Trust: 0.8
url:https://vigilance.fr/vulnerability/cisco-data-center-network-manager-privilege-escalation-via-jboss-eap-31256
Trust: 0.6
url:https://www.exploit-db.com/exploits/47885
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.0035/
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/173786
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-00286 // 
            
            
            
            VULHUB: VHN-148101 // 
            
            
            
            VULMON: CVE-2019-15999 // 
            
            
            
            JVNDB: JVNDB-2019-014043 // 
            
            
            
            CNNVD: CNNVD-202001-022 // 
            
            
            
            NVD: CVE-2019-15999

CREDITS
Harrison Neal of PatchAdvisor .
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202001-022

SOURCES
db:CNVDid:CNVD-2020-00286
db:VULHUBid:VHN-148101
db:VULMONid:CVE-2019-15999
db:JVNDBid:JVNDB-2019-014043
db:CNNVDid:CNNVD-202001-022
db:NVDid:CVE-2019-15999

LAST UPDATE DATE
2024-08-14T15:07:23.291000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-00286date:2020-01-03T00:00:00
db:VULHUBid:VHN-148101date:2020-10-22T00:00:00
db:VULMONid:CVE-2019-15999date:2020-10-22T00:00:00
db:JVNDBid:JVNDB-2019-014043date:2020-01-27T00:00:00
db:CNNVDid:CNNVD-202001-022date:2020-10-23T00:00:00
db:NVDid:CVE-2019-15999date:2020-10-22T17:37:07.357

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-00286date:2020-01-03T00:00:00
db:VULHUBid:VHN-148101date:2020-01-06T00:00:00
db:VULMONid:CVE-2019-15999date:2020-01-06T00:00:00
db:JVNDBid:JVNDB-2019-014043date:2020-01-27T00:00:00
db:CNNVDid:CNNVD-202001-022date:2020-01-02T00:00:00
db:NVDid:CVE-2019-15999date:2020-01-06T08:15:11.580