Details of VAR-202001-0784

ID

VAR-202001-0784

CVE

CVE-2019-15984

TITLE

Cisco Data Center Network Manager In SQL Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-013737

DESCRIPTION

Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. To exploit these vulnerabilities, an attacker would need administrative privileges on the DCNM application. For more information about these vulnerabilities, see the Details section of this advisory. Note: The severity of these vulnerabilities is aggravated by the vulnerabilities described in the Cisco Data Center Network Manager Authentication Bypass Vulnerabilities advisory, published simultaneously with this one. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.The specific flaw exists within the processing of requests to the rest/config/delivery/history service. When parsing the sort parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. The system is available for Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting functions. The REST API in versions prior to Cisco DCNM 11.3(1) has a SQL injection vulnerability due to insufficient validation of user input submitted to the API. A remote attacker could exploit this vulnerability to execute arbitrary SQL commands by sending a specially crafted request

Trust: 12.42

sources: NVD: CVE-2019-15984 // JVNDB: JVNDB-2019-013737 // ZDI: ZDI-20-020 // ZDI: ZDI-20-116 // ZDI: ZDI-20-019 // ZDI: ZDI-20-079 // ZDI: ZDI-20-029 // ZDI: ZDI-20-089 // ZDI: ZDI-20-109 // ZDI: ZDI-20-110 // ZDI: ZDI-20-069 // ZDI: ZDI-20-039 // ZDI: ZDI-20-059 // ZDI: ZDI-20-032 // ZDI: ZDI-20-038 // ZDI: ZDI-20-085 // ZDI: ZDI-20-096 // ZDI: ZDI-20-099 // ZDI: ZDI-20-049 // VULHUB: VHN-148085

AFFECTED PRODUCTS

vendor:	cisco	model:	data center network manager	scope:	-	version:	-	Trust: 12.7
vendor:	cisco	model:	data center network manager	scope:	lt	version:	11.3\(1\)	Trust: 1.0

sources: ZDI: ZDI-20-110 // ZDI: ZDI-20-020 // ZDI: ZDI-20-099 // ZDI: ZDI-20-096 // ZDI: ZDI-20-085 // ZDI: ZDI-20-038 // ZDI: ZDI-20-032 // ZDI: ZDI-20-059 // ZDI: ZDI-20-039 // ZDI: ZDI-20-069 // ZDI: ZDI-20-049 // ZDI: ZDI-20-109 // ZDI: ZDI-20-089 // ZDI: ZDI-20-029 // ZDI: ZDI-20-079 // ZDI: ZDI-20-019 // ZDI: ZDI-20-116 // JVNDB: JVNDB-2019-013737 // NVD: CVE-2019-15984

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	CVE-2019-15984
value:	HIGH
Trust: 11.2
nvd@nist.gov:	CVE-2019-15984
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-15984
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-15984
value:	HIGH
Trust: 0.8
ZDI:	CVE-2019-15984
value:	MEDIUM
Trust: 0.7
VULHUB:	VHN-148085
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-15984
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-148085
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

ZDI:	CVE-2019-15984
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 8.4
ZDI:	CVE-2019-15984
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.0
Trust: 2.8
ykramarz@cisco.com:	CVE-2019-15984
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2019-15984
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.1
Trust: 1.0
ZDI:	CVE-2019-15984
baseSeverity:	MEDIUM
baseScore:	4.9
vectorString:	AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.2
impactScore:	3.6
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-20-110 // ZDI: ZDI-20-020 // ZDI: ZDI-20-099 // ZDI: ZDI-20-096 // ZDI: ZDI-20-085 // ZDI: ZDI-20-038 // ZDI: ZDI-20-032 // ZDI: ZDI-20-059 // ZDI: ZDI-20-039 // ZDI: ZDI-20-069 // ZDI: ZDI-20-049 // ZDI: ZDI-20-109 // ZDI: ZDI-20-089 // ZDI: ZDI-20-029 // ZDI: ZDI-20-079 // ZDI: ZDI-20-019 // ZDI: ZDI-20-116 // VULHUB: VHN-148085 // JVNDB: JVNDB-2019-013737 // NVD: CVE-2019-15984 // NVD: CVE-2019-15984

PROBLEMTYPE DATA

problemtype:

CWE-89

Trust: 1.9

sources: VULHUB: VHN-148085 // JVNDB: JVNDB-2019-013737 // NVD: CVE-2019-15984

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013737

PATCH

title:

cisco-sa-20200102-dcnm-sql-inject

url:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject

Trust: 12.7

EXTERNAL IDS

db:	NVD	id:	CVE-2019-15984	Trust: 13.8
db:	PACKETSTORM	id:	156239	Trust: 1.1
db:	JVNDB	id:	JVNDB-2019-013737	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-9352	Trust: 0.7
db:	ZDI	id:	ZDI-20-110	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9043	Trust: 0.7
db:	ZDI	id:	ZDI-20-020	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9301	Trust: 0.7
db:	ZDI	id:	ZDI-20-099	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9283	Trust: 0.7
db:	ZDI	id:	ZDI-20-096	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9208	Trust: 0.7
db:	ZDI	id:	ZDI-20-085	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9182	Trust: 0.7
db:	ZDI	id:	ZDI-20-038	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9065	Trust: 0.7
db:	ZDI	id:	ZDI-20-032	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9127	Trust: 0.7
db:	ZDI	id:	ZDI-20-059	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9181	Trust: 0.7
db:	ZDI	id:	ZDI-20-039	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9187	Trust: 0.7
db:	ZDI	id:	ZDI-20-069	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9224	Trust: 0.7
db:	ZDI	id:	ZDI-20-049	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9351	Trust: 0.7
db:	ZDI	id:	ZDI-20-109	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9215	Trust: 0.7
db:	ZDI	id:	ZDI-20-089	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9063	Trust: 0.7
db:	ZDI	id:	ZDI-20-029	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9199	Trust: 0.7
db:	ZDI	id:	ZDI-20-079	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9042	Trust: 0.7
db:	ZDI	id:	ZDI-20-019	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9353	Trust: 0.7
db:	ZDI	id:	ZDI-20-116	Trust: 0.7
db:	CNNVD	id:	CNNVD-202001-038	Trust: 0.1
db:	VULHUB	id:	VHN-148085	Trust: 0.1

sources: ZDI: ZDI-20-110 // ZDI: ZDI-20-020 // ZDI: ZDI-20-099 // ZDI: ZDI-20-096 // ZDI: ZDI-20-085 // ZDI: ZDI-20-038 // ZDI: ZDI-20-032 // ZDI: ZDI-20-059 // ZDI: ZDI-20-039 // ZDI: ZDI-20-069 // ZDI: ZDI-20-049 // ZDI: ZDI-20-109 // ZDI: ZDI-20-089 // ZDI: ZDI-20-029 // ZDI: ZDI-20-079 // ZDI: ZDI-20-019 // ZDI: ZDI-20-116 // VULHUB: VHN-148085 // JVNDB: JVNDB-2019-013737 // NVD: CVE-2019-15984

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20200102-dcnm-sql-inject	Trust: 13.0
url:	http://packetstormsecurity.com/files/156239/cisco-data-center-network-manager-11.2.1-sql-injection.html	Trust: 1.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15984	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-15984	Trust: 0.8

sources: ZDI: ZDI-20-110 // ZDI: ZDI-20-020 // ZDI: ZDI-20-099 // ZDI: ZDI-20-096 // ZDI: ZDI-20-085 // ZDI: ZDI-20-038 // ZDI: ZDI-20-032 // ZDI: ZDI-20-059 // ZDI: ZDI-20-039 // ZDI: ZDI-20-069 // ZDI: ZDI-20-049 // ZDI: ZDI-20-109 // ZDI: ZDI-20-089 // ZDI: ZDI-20-029 // ZDI: ZDI-20-079 // ZDI: ZDI-20-019 // ZDI: ZDI-20-116 // VULHUB: VHN-148085 // JVNDB: JVNDB-2019-013737 // NVD: CVE-2019-15984

CREDITS

Steven Seeley (mr_me) of Source Incite

Trust: 11.9

SOURCES

db:	ZDI	id:	ZDI-20-110
db:	ZDI	id:	ZDI-20-020
db:	ZDI	id:	ZDI-20-099
db:	ZDI	id:	ZDI-20-096
db:	ZDI	id:	ZDI-20-085
db:	ZDI	id:	ZDI-20-038
db:	ZDI	id:	ZDI-20-032
db:	ZDI	id:	ZDI-20-059
db:	ZDI	id:	ZDI-20-039
db:	ZDI	id:	ZDI-20-069
db:	ZDI	id:	ZDI-20-049
db:	ZDI	id:	ZDI-20-109
db:	ZDI	id:	ZDI-20-089
db:	ZDI	id:	ZDI-20-029
db:	ZDI	id:	ZDI-20-079
db:	ZDI	id:	ZDI-20-019
db:	ZDI	id:	ZDI-20-116
db:	VULHUB	id:	VHN-148085
db:	JVNDB	id:	JVNDB-2019-013737
db:	NVD	id:	CVE-2019-15984

LAST UPDATE DATE

2024-10-06T22:54:43.575000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-20-110	date:	2020-01-03T00:00:00
db:	ZDI	id:	ZDI-20-020	date:	2020-01-03T00:00:00
db:	ZDI	id:	ZDI-20-099	date:	2020-01-03T00:00:00
db:	ZDI	id:	ZDI-20-096	date:	2020-01-03T00:00:00
db:	ZDI	id:	ZDI-20-085	date:	2020-01-03T00:00:00
db:	ZDI	id:	ZDI-20-038	date:	2020-01-03T00:00:00
db:	ZDI	id:	ZDI-20-032	date:	2020-01-03T00:00:00
db:	ZDI	id:	ZDI-20-059	date:	2020-01-03T00:00:00
db:	ZDI	id:	ZDI-20-039	date:	2020-01-03T00:00:00
db:	ZDI	id:	ZDI-20-069	date:	2020-01-03T00:00:00
db:	ZDI	id:	ZDI-20-049	date:	2020-01-03T00:00:00
db:	ZDI	id:	ZDI-20-109	date:	2020-01-03T00:00:00
db:	ZDI	id:	ZDI-20-089	date:	2020-01-03T00:00:00
db:	ZDI	id:	ZDI-20-029	date:	2020-01-03T00:00:00
db:	ZDI	id:	ZDI-20-079	date:	2020-01-03T00:00:00
db:	ZDI	id:	ZDI-20-019	date:	2020-01-03T00:00:00
db:	ZDI	id:	ZDI-20-116	date:	2020-01-03T00:00:00
db:	VULHUB	id:	VHN-148085	date:	2023-02-02T00:00:00
db:	JVNDB	id:	JVNDB-2019-013737	date:	2020-01-15T00:00:00
db:	NVD	id:	CVE-2019-15984	date:	2023-02-02T19:19:58.673

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-20-110	date:	2020-01-03T00:00:00
db:	ZDI	id:	ZDI-20-020	date:	2020-01-03T00:00:00
db:	ZDI	id:	ZDI-20-099	date:	2020-01-03T00:00:00
db:	ZDI	id:	ZDI-20-096	date:	2020-01-03T00:00:00
db:	ZDI	id:	ZDI-20-085	date:	2020-01-03T00:00:00
db:	ZDI	id:	ZDI-20-038	date:	2020-01-03T00:00:00
db:	ZDI	id:	ZDI-20-032	date:	2020-01-03T00:00:00
db:	ZDI	id:	ZDI-20-059	date:	2020-01-03T00:00:00
db:	ZDI	id:	ZDI-20-039	date:	2020-01-03T00:00:00
db:	ZDI	id:	ZDI-20-069	date:	2020-01-03T00:00:00
db:	ZDI	id:	ZDI-20-049	date:	2020-01-03T00:00:00
db:	ZDI	id:	ZDI-20-109	date:	2020-01-03T00:00:00
db:	ZDI	id:	ZDI-20-089	date:	2020-01-03T00:00:00
db:	ZDI	id:	ZDI-20-029	date:	2020-01-03T00:00:00
db:	ZDI	id:	ZDI-20-079	date:	2020-01-03T00:00:00
db:	ZDI	id:	ZDI-20-019	date:	2020-01-03T00:00:00
db:	ZDI	id:	ZDI-20-116	date:	2020-01-03T00:00:00
db:	VULHUB	id:	VHN-148085	date:	2020-01-06T00:00:00
db:	JVNDB	id:	JVNDB-2019-013737	date:	2020-01-15T00:00:00
db:	NVD	id:	CVE-2019-15984	date:	2020-01-06T08:15:11.440