ID

VAR-202001-0775


CVE

CVE-2019-15975


TITLE

Cisco Data Center Network Manager Vulnerabilities related to the use of hard-coded credentials

Trust: 0.8

sources: JVNDB: JVNDB-2019-013852

DESCRIPTION

Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Cisco Data Center Network Manager (DCNM) Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The issue results from trusting input that has been encrypted with a hard-coded and discoverable cryptographic key. An attacker can leverage this vulnerability to add new global admins to the system. The vulnerability stems from a static encryption key shared by all installations. A remote unauthenticated attacker could exploit this vulnerability by using a static key to create a valid session token to manage permissions and perform arbitrary operations through the REST API. The system is available for Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting functions

Trust: 2.88

sources: NVD: CVE-2019-15975 // JVNDB: JVNDB-2019-013852 // ZDI: ZDI-20-003 // CNVD: CNVD-2020-00283 // VULHUB: VHN-148075

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-00283

AFFECTED PRODUCTS

vendor:ciscomodel:data center network managerscope: - version: -

Trust: 1.5

vendor:ciscomodel:data center network managerscope:ltversion:11.3\(1\)

Trust: 1.0

vendor:ciscomodel:data center network managerscope:ltversion:11.3(1)

Trust: 0.6

sources: ZDI: ZDI-20-003 // CNVD: CNVD-2020-00283 // JVNDB: JVNDB-2019-013852 // NVD: CVE-2019-15975

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-15975
value: CRITICAL

Trust: 1.0

ykramarz@cisco.com: CVE-2019-15975
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-15975
value: CRITICAL

Trust: 0.8

ZDI: CVE-2019-15975
value: CRITICAL

Trust: 0.7

CNVD: CNVD-2020-00283
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202001-047
value: CRITICAL

Trust: 0.6

VULHUB: VHN-148075
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-15975
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-00283
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-148075
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2019-15975
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-15975
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

ZDI: CVE-2019-15975
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-20-003 // CNVD: CNVD-2020-00283 // VULHUB: VHN-148075 // JVNDB: JVNDB-2019-013852 // CNNVD: CNNVD-202001-047 // NVD: CVE-2019-15975 // NVD: CVE-2019-15975

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.9

sources: VULHUB: VHN-148075 // JVNDB: JVNDB-2019-013852 // NVD: CVE-2019-15975

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202001-047

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-202001-047

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013852

PATCH

title:cisco-sa-20200102-dcnm-auth-bypassurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-auth-bypass\

Trust: 0.8

title:Cisco has issued an update to correct this vulnerability.url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-auth-bypass

Trust: 0.7

title:Patch for Cisco Data Center Network Manager REST API Certification Bypass Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/195963

Trust: 0.6

title:Cisco Data Center Network Manager Repair measures for trust management problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=106188

Trust: 0.6

sources: ZDI: ZDI-20-003 // CNVD: CNVD-2020-00283 // JVNDB: JVNDB-2019-013852 // CNNVD: CNNVD-202001-047

EXTERNAL IDS

db:NVDid:CVE-2019-15975

Trust: 3.8

db:PACKETSTORMid:156238

Trust: 1.7

db:ZDIid:ZDI-20-003

Trust: 1.3

db:JVNDBid:JVNDB-2019-013852

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-9021

Trust: 0.7

db:CNNVDid:CNNVD-202001-047

Trust: 0.7

db:CNVDid:CNVD-2020-00283

Trust: 0.6

db:EXPLOIT-DBid:48018

Trust: 0.6

db:AUSCERTid:ESB-2020.0036

Trust: 0.6

db:AUSCERTid:ESB-2020.1072

Trust: 0.6

db:VULHUBid:VHN-148075

Trust: 0.1

sources: ZDI: ZDI-20-003 // CNVD: CNVD-2020-00283 // VULHUB: VHN-148075 // JVNDB: JVNDB-2019-013852 // CNNVD: CNNVD-202001-047 // NVD: CVE-2019-15975

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20200102-dcnm-auth-bypass

Trust: 3.0

url:http://packetstormsecurity.com/files/156238/cisco-data-center-network-manager-11.2-remote-code-execution.html

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-15975

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15975

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.0036/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1072/

Trust: 0.6

url:https://www.zerodayinitiative.com/advisories/zdi-20-003/

Trust: 0.6

url:https://www.exploit-db.com/exploits/48018

Trust: 0.6

sources: ZDI: ZDI-20-003 // CNVD: CNVD-2020-00283 // VULHUB: VHN-148075 // JVNDB: JVNDB-2019-013852 // CNNVD: CNNVD-202001-047 // NVD: CVE-2019-15975

CREDITS

Steven Seeley (mr_me) of Source Incite

Trust: 0.7

sources: ZDI: ZDI-20-003

SOURCES

db:ZDIid:ZDI-20-003
db:CNVDid:CNVD-2020-00283
db:VULHUBid:VHN-148075
db:JVNDBid:JVNDB-2019-013852
db:CNNVDid:CNNVD-202001-047
db:NVDid:CVE-2019-15975

LAST UPDATE DATE

2024-08-14T14:12:01.781000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-20-003date:2020-01-03T00:00:00
db:CNVDid:CNVD-2020-00283date:2020-01-03T00:00:00
db:VULHUBid:VHN-148075date:2023-02-03T00:00:00
db:JVNDBid:JVNDB-2019-013852date:2020-01-17T00:00:00
db:CNNVDid:CNNVD-202001-047date:2020-03-27T00:00:00
db:NVDid:CVE-2019-15975date:2023-02-03T17:02:33.753

SOURCES RELEASE DATE

db:ZDIid:ZDI-20-003date:2020-01-03T00:00:00
db:CNVDid:CNVD-2020-00283date:2020-01-03T00:00:00
db:VULHUBid:VHN-148075date:2020-01-06T00:00:00
db:JVNDBid:JVNDB-2019-013852date:2020-01-17T00:00:00
db:CNNVDid:CNNVD-202001-047date:2020-01-02T00:00:00
db:NVDid:CVE-2019-15975date:2020-01-06T08:15:10.723