Sign-up

ID

VAR-202001-0775


CVE

CVE-2019-15975


TITLE

Cisco Data Center Network Manager Vulnerabilities related to the use of hard-coded credentials

Trust: 0.8

sources: JVNDB: JVNDB-2019-013852

DESCRIPTION

Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Cisco Data Center Network Manager (DCNM) Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The issue results from trusting input that has been encrypted with a hard-coded and discoverable cryptographic key. An attacker can leverage this vulnerability to add new global admins to the system. The vulnerability stems from a static encryption key shared by all installations. A remote unauthenticated attacker could exploit this vulnerability by using a static key to create a valid session token to manage permissions and perform arbitrary operations through the REST API. The system is available for Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting functions

Trust: 2.88

sources: NVD: CVE-2019-15975 // JVNDB: JVNDB-2019-013852 // ZDI: ZDI-20-003 // CNVD: CNVD-2020-00283 // VULHUB: VHN-148075

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-00283

AFFECTED PRODUCTS

vendor:ciscomodel:data center network managerscope: - version: -

Trust: 1.5

vendor:ciscomodel:data center network managerscope:ltversion:11.3\(1\)

Trust: 1.0

vendor:ciscomodel:data center network managerscope:ltversion:11.3(1)

Trust: 0.6

sources: ZDI: ZDI-20-003 // CNVD: CNVD-2020-00283 // JVNDB: JVNDB-2019-013852 // NVD: CVE-2019-15975

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-15975
value: CRITICAL

Trust: 1.0

ykramarz@cisco.com: CVE-2019-15975
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-15975
value: CRITICAL

Trust: 0.8

ZDI: CVE-2019-15975
value: CRITICAL

Trust: 0.7

CNVD: CNVD-2020-00283
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202001-047
value: CRITICAL

Trust: 0.6

VULHUB: VHN-148075
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-15975
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-00283
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-148075
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2019-15975
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-15975
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

ZDI: CVE-2019-15975
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-20-003 // CNVD: CNVD-2020-00283 // VULHUB: VHN-148075 // JVNDB: JVNDB-2019-013852 // CNNVD: CNNVD-202001-047 // NVD: CVE-2019-15975 // NVD: CVE-2019-15975

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.9

sources: VULHUB: VHN-148075 // JVNDB: JVNDB-2019-013852 // NVD: CVE-2019-15975

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202001-047

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-202001-047

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-013852

PATCH
title:cisco-sa-20200102-dcnm-auth-bypassurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-auth-bypass\
Trust: 0.8
title:Cisco has issued an update to correct this vulnerability.url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-auth-bypass
Trust: 0.7
title:Patch for Cisco Data Center Network Manager REST API Certification Bypass Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/195963
Trust: 0.6
title:Cisco Data Center Network Manager Repair measures for trust management problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=106188
Trust: 0.6
sources:
            
            
            ZDI: ZDI-20-003 // 
            
            
            
            CNVD: CNVD-2020-00283 // 
            
            
            
            JVNDB: JVNDB-2019-013852 // 
            
            
            
            CNNVD: CNNVD-202001-047

EXTERNAL IDS
db:NVDid:CVE-2019-15975
Trust: 3.8
db:PACKETSTORMid:156238
Trust: 1.7
db:ZDIid:ZDI-20-003
Trust: 1.3
db:JVNDBid:JVNDB-2019-013852
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-9021
Trust: 0.7
db:CNNVDid:CNNVD-202001-047
Trust: 0.7
db:CNVDid:CNVD-2020-00283
Trust: 0.6
db:EXPLOIT-DBid:48018
Trust: 0.6
db:AUSCERTid:ESB-2020.0036
Trust: 0.6
db:AUSCERTid:ESB-2020.1072
Trust: 0.6
db:VULHUBid:VHN-148075
Trust: 0.1
sources:
            
            
            ZDI: ZDI-20-003 // 
            
            
            
            CNVD: CNVD-2020-00283 // 
            
            
            
            VULHUB: VHN-148075 // 
            
            
            
            JVNDB: JVNDB-2019-013852 // 
            
            
            
            CNNVD: CNNVD-202001-047 // 
            
            
            
            NVD: CVE-2019-15975

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20200102-dcnm-auth-bypass
Trust: 3.0
url:http://packetstormsecurity.com/files/156238/cisco-data-center-network-manager-11.2-remote-code-execution.html
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-15975
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15975
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.0036/
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.1072/
Trust: 0.6
url:https://www.zerodayinitiative.com/advisories/zdi-20-003/
Trust: 0.6
url:https://www.exploit-db.com/exploits/48018
Trust: 0.6
sources:
            
            
            ZDI: ZDI-20-003 // 
            
            
            
            CNVD: CNVD-2020-00283 // 
            
            
            
            VULHUB: VHN-148075 // 
            
            
            
            JVNDB: JVNDB-2019-013852 // 
            
            
            
            CNNVD: CNNVD-202001-047 // 
            
            
            
            NVD: CVE-2019-15975

CREDITS
Steven Seeley (mr_me) of Source Incite
Trust: 0.7
sources:
            
            
            ZDI: ZDI-20-003

SOURCES
db:ZDIid:ZDI-20-003
db:CNVDid:CNVD-2020-00283
db:VULHUBid:VHN-148075
db:JVNDBid:JVNDB-2019-013852
db:CNNVDid:CNNVD-202001-047
db:NVDid:CVE-2019-15975

LAST UPDATE DATE
2024-08-14T14:12:01.781000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-20-003date:2020-01-03T00:00:00
db:CNVDid:CNVD-2020-00283date:2020-01-03T00:00:00
db:VULHUBid:VHN-148075date:2023-02-03T00:00:00
db:JVNDBid:JVNDB-2019-013852date:2020-01-17T00:00:00
db:CNNVDid:CNNVD-202001-047date:2020-03-27T00:00:00
db:NVDid:CVE-2019-15975date:2023-02-03T17:02:33.753

SOURCES RELEASE DATE
db:ZDIid:ZDI-20-003date:2020-01-03T00:00:00
db:CNVDid:CNVD-2020-00283date:2020-01-03T00:00:00
db:VULHUBid:VHN-148075date:2020-01-06T00:00:00
db:JVNDBid:JVNDB-2019-013852date:2020-01-17T00:00:00
db:CNNVDid:CNNVD-202001-047date:2020-01-02T00:00:00
db:NVDid:CVE-2019-15975date:2020-01-06T08:15:10.723