ID

VAR-202001-0780


CVE

CVE-2019-15980


TITLE

Cisco Data Center Network Manager Path traversal vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2019-013741 // CNNVD: CNNVD-202001-031

DESCRIPTION

Multiple vulnerabilities in the REST and SOAP API endpoints and the Application Framework feature of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. To exploit these vulnerabilities, an attacker would need administrative privileges on the DCNM application. For more information about these vulnerabilities, see the Details section of this advisory. Note: The severity of these vulnerabilities is aggravated by the vulnerabilities described in the Cisco Data Center Network Manager Authentication Bypass Vulnerabilities advisory, published simultaneously with this one. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the fm/fmrest/dbadmin/saveLicenseFileToServer path in the service. When parsing the fileNames parameter, the process does not properly validate a user-supplied path prior to using it in file operations. The vulnerability stems from insufficient validation of user-supplied input to the API. A remote, authenticated attacker with administrative rights can exploit this vulnerability by sending a specially crafted request to the API to read, write, or execute any file on the system with full administrative rights. The system is available for Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting functions.

Trust: 6.66

sources: NVD: CVE-2019-15980 // JVNDB: JVNDB-2019-013741 // ZDI: ZDI-20-007 // ZDI: ZDI-20-011 // ZDI: ZDI-20-006 // ZDI: ZDI-20-118 // ZDI: ZDI-20-005 // ZDI: ZDI-20-004 // ZDI: ZDI-20-101 // CNVD: CNVD-2020-00290 // VULHUB: VHN-148081

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-00290

AFFECTED PRODUCTS

vendor: cisco, model: data center network manager, scope: -, version: -

Trust: 5.7

vendor: cisco, model: data center network manager, scope: lt, version: 11.3\(1\)

Trust: 1.0

vendor: cisco, model: data center network manager, scope: lt, version: 11.3(1)

Trust: 0.6

vendor: cisco, model: data center network manager, scope: eq, version: 10.31

Trust: 0.6

vendor: cisco, model: data center network manager, scope: eq, version: 4.0

Trust: 0.6

vendor: cisco, model: data center network manager, scope: eq, version: 10.41

Trust: 0.6

vendor: cisco, model: data center network manager, scope: eq, version: 10.21

Trust: 0.6

vendor: cisco, model: data center network manager, scope: eq, version: 5.0

Trust: 0.6

vendor: cisco, model: data center network manager, scope: eq, version: 10.1

Trust: 0.6

vendor: cisco, model: data center network manager, scope: eq, version: 4.1

Trust: 0.6

vendor: cisco, model: data center network manager, scope: eq, version: 10.42

Trust: 0.6

vendor: cisco, model: data center network manager, scope: eq, version: 10.0

Trust: 0.6

vendor: cisco, model: data center network manager, scope: eq, version: 4.2

Trust: 0.6

sources: ZDI: ZDI-20-007 // ZDI: ZDI-20-011 // ZDI: ZDI-20-006 // ZDI: ZDI-20-118 // ZDI: ZDI-20-005 // ZDI: ZDI-20-004 // ZDI: ZDI-20-101 // CNVD: CNVD-2020-00290 // JVNDB: JVNDB-2019-013741 // CNNVD: CNNVD-202001-031 // NVD: CVE-2019-15980

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2019-15980
value: HIGH

Trust: 3.5

ZDI: CVE-2019-15980
value: MEDIUM

Trust: 1.4

nvd@nist.gov: CVE-2019-15980
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-15980
value: HIGH

Trust: 1.0

NVD: CVE-2019-15980
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-00290
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202001-031
value: HIGH

Trust: 0.6

VULHUB: VHN-148081
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-15980
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-00290
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-148081
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ZDI: CVE-2019-15980
baseSeverity: HIGH
baseScore: 8.8
vectorString: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 2.8

ykramarz@cisco.com: CVE-2019-15980
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.0

Trust: 1.8

ZDI: CVE-2019-15980
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.4

nvd@nist.gov: CVE-2019-15980
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

ZDI: CVE-2019-15980
baseSeverity: HIGH
baseScore: 7.2
vectorString: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-20-007 // ZDI: ZDI-20-011 // ZDI: ZDI-20-006 // ZDI: ZDI-20-118 // ZDI: ZDI-20-005 // ZDI: ZDI-20-004 // ZDI: ZDI-20-101 // CNVD: CNVD-2020-00290 // VULHUB: VHN-148081 // JVNDB: JVNDB-2019-013741 // CNNVD: CNNVD-202001-031 // NVD: CVE-2019-15980 // NVD: CVE-2019-15980

PROBLEMTYPE DATA

problemtype: CWE-22

Trust: 1.9

sources: VULHUB: VHN-148081 // JVNDB: JVNDB-2019-013741 // NVD: CVE-2019-15980

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202001-031

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202001-031

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013741

PATCH

title: cisco-sa-20200102-dcnm-path-trav, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-path-trav

Trust: 5.7

title: Patch for Cisco Data Center Network Manager REST API Path Traversal Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/195955

Trust: 0.6

title: Cisco Data Center Network Manager Repair measures for path traversal vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=106177

Trust: 0.6

sources: ZDI: ZDI-20-007 // ZDI: ZDI-20-011 // ZDI: ZDI-20-006 // ZDI: ZDI-20-118 // ZDI: ZDI-20-005 // ZDI: ZDI-20-004 // ZDI: ZDI-20-101 // CNVD: CNVD-2020-00290 // JVNDB: JVNDB-2019-013741 // CNNVD: CNNVD-202001-031

EXTERNAL IDS

db: NVD, id: CVE-2019-15980

Trust: 8.0

db: ZDI, id: ZDI-20-118

Trust: 1.3

db: JVNDB, id: JVNDB-2019-013741

Trust: 0.8

db: ZDI_CAN, id: ZDI-CAN-9035

Trust: 0.7

db: ZDI, id: ZDI-20-007

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-9025

Trust: 0.7

db: ZDI, id: ZDI-20-011

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-9027

Trust: 0.7

db: ZDI, id: ZDI-20-006

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-9469

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-9026

Trust: 0.7

db: ZDI, id: ZDI-20-005

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-9024

Trust: 0.7

db: ZDI, id: ZDI-20-004

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-9288

Trust: 0.7

db: ZDI, id: ZDI-20-101

Trust: 0.7

db: CNNVD, id: CNNVD-202001-031

Trust: 0.7

db: CNVD, id: CNVD-2020-00290

Trust: 0.6

db: AUSCERT, id: ESB-2020.0034

Trust: 0.6

db: VULHUB, id: VHN-148081

Trust: 0.1

sources: ZDI: ZDI-20-007 // ZDI: ZDI-20-011 // ZDI: ZDI-20-006 // ZDI: ZDI-20-118 // ZDI: ZDI-20-005 // ZDI: ZDI-20-004 // ZDI: ZDI-20-101 // CNVD: CNVD-2020-00290 // VULHUB: VHN-148081 // JVNDB: JVNDB-2019-013741 // CNNVD: CNNVD-202001-031 // NVD: CVE-2019-15980

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20200102-dcnm-path-trav

Trust: 7.2

url: https://nvd.nist.gov/vuln/detail/cve-2019-15980

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15980

Trust: 0.8

url: https://vigilance.fr/vulnerability/cisco-data-center-network-manager-directory-traversal-via-rest-soap-31254

Trust: 0.6

url: https://www.zerodayinitiative.com/advisories/zdi-20-118/

Trust: 0.6

url: https://www.auscert.org.au/bulletins/esb-2020.0034/

Trust: 0.6

sources: ZDI: ZDI-20-007 // ZDI: ZDI-20-011 // ZDI: ZDI-20-006 // ZDI: ZDI-20-118 // ZDI: ZDI-20-005 // ZDI: ZDI-20-004 // ZDI: ZDI-20-101 // CNVD: CNVD-2020-00290 // VULHUB: VHN-148081 // JVNDB: JVNDB-2019-013741 // CNNVD: CNNVD-202001-031 // NVD: CVE-2019-15980

CREDITS

Steven Seeley (mr_me) of Source Incite

Trust: 4.9

sources: ZDI: ZDI-20-007 // ZDI: ZDI-20-011 // ZDI: ZDI-20-006 // ZDI: ZDI-20-118 // ZDI: ZDI-20-005 // ZDI: ZDI-20-004 // ZDI: ZDI-20-101

SOURCES

db: ZDI, id: ZDI-20-007
db: ZDI, id: ZDI-20-011
db: ZDI, id: ZDI-20-006
db: ZDI, id: ZDI-20-118
db: ZDI, id: ZDI-20-005
db: ZDI, id: ZDI-20-004
db: ZDI, id: ZDI-20-101
db: CNVD, id: CNVD-2020-00290
db: VULHUB, id: VHN-148081
db: JVNDB, id: JVNDB-2019-013741
db: CNNVD, id: CNNVD-202001-031
db: NVD, id: CVE-2019-15980

LAST UPDATE DATE

2024-08-14T13:25:07.872000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-20-007, date: 2020-01-03T00:00:00
db: ZDI, id: ZDI-20-011, date: 2020-01-03T00:00:00
db: ZDI, id: ZDI-20-006, date: 2020-01-03T00:00:00
db: ZDI, id: ZDI-20-118, date: 2020-01-03T00:00:00
db: ZDI, id: ZDI-20-005, date: 2020-01-03T00:00:00
db: ZDI, id: ZDI-20-004, date: 2020-01-03T00:00:00
db: ZDI, id: ZDI-20-101, date: 2020-01-03T00:00:00
db: CNVD, id: CNVD-2020-00290, date: 2020-01-03T00:00:00
db: VULHUB, id: VHN-148081, date: 2020-01-08T00:00:00
db: JVNDB, id: JVNDB-2019-013741, date: 2020-01-15T00:00:00
db: CNNVD, id: CNNVD-202001-031, date: 2020-01-17T00:00:00
db: NVD, id: CVE-2019-15980, date: 2020-01-08T19:33:42.770

SOURCES RELEASE DATE

db: ZDI, id: ZDI-20-007, date: 2020-01-03T00:00:00
db: ZDI, id: ZDI-20-011, date: 2020-01-03T00:00:00
db: ZDI, id: ZDI-20-006, date: 2020-01-03T00:00:00
db: ZDI, id: ZDI-20-118, date: 2020-01-03T00:00:00
db: ZDI, id: ZDI-20-005, date: 2020-01-03T00:00:00
db: ZDI, id: ZDI-20-004, date: 2020-01-03T00:00:00
db: ZDI, id: ZDI-20-101, date: 2020-01-03T00:00:00
db: CNVD, id: CNVD-2020-00290, date: 2020-01-03T00:00:00
db: VULHUB, id: VHN-148081, date: 2020-01-06T00:00:00
db: JVNDB, id: JVNDB-2019-013741, date: 2020-01-15T00:00:00
db: CNNVD, id: CNNVD-202001-031, date: 2020-01-02T00:00:00
db: NVD, id: CVE-2019-15980, date: 2020-01-06T08:15:11.143