Sign-up

ID

VAR-202001-0784


CVE

CVE-2019-15984


TITLE

Cisco Data Center Network Manager getSwitchDbIdBySerialNumber SQL Injection Remote Code Execution Vulnerability

Trust: 0.7

sources: ZDI: ZDI-20-110

DESCRIPTION

Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. To exploit these vulnerabilities, an attacker would need administrative privileges on the DCNM application. For more information about these vulnerabilities, see the Details section of this advisory. Note: The severity of these vulnerabilities is aggravated by the vulnerabilities described in the Cisco Data Center Network Manager Authentication Bypass Vulnerabilities advisory, published simultaneously with this one. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.The specific flaw exists within the processing of requests to the StatisticsWSService/StatisticsWS service. When parsing the sortType parameter of the getSwitchBandwidthStatList endpoint, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. The vulnerability stems from insufficient input validation provided by the user to the API. The system is available for Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting functions

Trust: 11.61

sources: NVD: CVE-2019-15984 // ZDI: ZDI-20-020 // ZDI: ZDI-20-115 // ZDI: ZDI-20-042 // ZDI: ZDI-20-082 // ZDI: ZDI-20-072 // ZDI: ZDI-20-022 // ZDI: ZDI-20-052 // ZDI: ZDI-20-110 // ZDI: ZDI-20-112 // ZDI: ZDI-20-092 // ZDI: ZDI-20-032 // ZDI: ZDI-20-038 // ZDI: ZDI-20-085 // ZDI: ZDI-20-096 // ZDI: ZDI-20-099 // ZDI: ZDI-20-105 // CNVD: CNVD-2020-00281 // VULHUB: VHN-148085

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-00281

AFFECTED PRODUCTS

vendor:ciscomodel:data center network managerscope: - version: -

Trust: 11.2

vendor:ciscomodel:data center network managerscope:ltversion:11.3\(1\)

Trust: 1.0

vendor:ciscomodel:data center network managerscope:ltversion:11.3(1)

Trust: 0.6

sources: ZDI: ZDI-20-110 // ZDI: ZDI-20-020 // ZDI: ZDI-20-099 // ZDI: ZDI-20-096 // ZDI: ZDI-20-085 // ZDI: ZDI-20-038 // ZDI: ZDI-20-032 // ZDI: ZDI-20-092 // ZDI: ZDI-20-112 // ZDI: ZDI-20-105 // ZDI: ZDI-20-052 // ZDI: ZDI-20-022 // ZDI: ZDI-20-072 // ZDI: ZDI-20-082 // ZDI: ZDI-20-042 // ZDI: ZDI-20-115 // CNVD: CNVD-2020-00281 // NVD: CVE-2019-15984

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2019-15984
value: HIGH

Trust: 9.8

ZDI: CVE-2019-15984
value: MEDIUM

Trust: 1.4

nvd@nist.gov: CVE-2019-15984
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-15984
value: HIGH

Trust: 1.0

CNVD: CNVD-2020-00281
value: HIGH

Trust: 0.6

VULHUB: VHN-148085
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-15984
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2020-00281
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-148085
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ZDI: CVE-2019-15984
baseSeverity: HIGH
baseScore: 8.8
vectorString: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 7.7

ZDI: CVE-2019-15984
baseSeverity: HIGH
baseScore: 7.2
vectorString: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.0

Trust: 1.4

ZDI: CVE-2019-15984
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 3.6
version: 3.0

Trust: 1.4

nvd@nist.gov: CVE-2019-15984
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2019-15984
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.0

Trust: 1.0

ZDI: CVE-2019-15984
baseSeverity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-20-110 // ZDI: ZDI-20-020 // ZDI: ZDI-20-099 // ZDI: ZDI-20-096 // ZDI: ZDI-20-085 // ZDI: ZDI-20-038 // ZDI: ZDI-20-032 // ZDI: ZDI-20-092 // ZDI: ZDI-20-112 // ZDI: ZDI-20-105 // ZDI: ZDI-20-052 // ZDI: ZDI-20-022 // ZDI: ZDI-20-072 // ZDI: ZDI-20-082 // ZDI: ZDI-20-042 // ZDI: ZDI-20-115 // CNVD: CNVD-2020-00281 // VULHUB: VHN-148085 // NVD: CVE-2019-15984 // NVD: CVE-2019-15984

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.1

sources: VULHUB: VHN-148085 // NVD: CVE-2019-15984

PATCH

title:Cisco has issued an update to correct this vulnerability.url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject

Trust: 11.2

title:Patch for Cisco Data Center Network Manager REST API SQL Injection Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/195959

Trust: 0.6

sources: ZDI: ZDI-20-110 // ZDI: ZDI-20-020 // ZDI: ZDI-20-099 // ZDI: ZDI-20-096 // ZDI: ZDI-20-085 // ZDI: ZDI-20-038 // ZDI: ZDI-20-032 // ZDI: ZDI-20-092 // ZDI: ZDI-20-112 // ZDI: ZDI-20-105 // ZDI: ZDI-20-052 // ZDI: ZDI-20-022 // ZDI: ZDI-20-072 // ZDI: ZDI-20-082 // ZDI: ZDI-20-042 // ZDI: ZDI-20-115 // CNVD: CNVD-2020-00281

EXTERNAL IDS

db:NVDid:CVE-2019-15984

Trust: 12.9

db:PACKETSTORMid:156239

Trust: 1.1

db:ZDI_CANid:ZDI-CAN-9352

Trust: 0.7

db:ZDIid:ZDI-20-110

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9043

Trust: 0.7

db:ZDIid:ZDI-20-020

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9301

Trust: 0.7

db:ZDIid:ZDI-20-099

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9283

Trust: 0.7

db:ZDIid:ZDI-20-096

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9208

Trust: 0.7

db:ZDIid:ZDI-20-085

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9182

Trust: 0.7

db:ZDIid:ZDI-20-038

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9065

Trust: 0.7

db:ZDIid:ZDI-20-032

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9218

Trust: 0.7

db:ZDIid:ZDI-20-092

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9360

Trust: 0.7

db:ZDIid:ZDI-20-112

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9347

Trust: 0.7

db:ZDIid:ZDI-20-105

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9060

Trust: 0.7

db:ZDIid:ZDI-20-052

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9051

Trust: 0.7

db:ZDIid:ZDI-20-022

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9192

Trust: 0.7

db:ZDIid:ZDI-20-072

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9202

Trust: 0.7

db:ZDIid:ZDI-20-082

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9219

Trust: 0.7

db:ZDIid:ZDI-20-042

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9340

Trust: 0.7

db:ZDIid:ZDI-20-115

Trust: 0.7

db:CNVDid:CNVD-2020-00281

Trust: 0.6

db:CNNVDid:CNNVD-202001-038

Trust: 0.1

db:VULHUBid:VHN-148085

Trust: 0.1

sources: ZDI: ZDI-20-110 // ZDI: ZDI-20-020 // ZDI: ZDI-20-099 // ZDI: ZDI-20-096 // ZDI: ZDI-20-085 // ZDI: ZDI-20-038 // ZDI: ZDI-20-032 // ZDI: ZDI-20-092 // ZDI: ZDI-20-112 // ZDI: ZDI-20-105 // ZDI: ZDI-20-052 // ZDI: ZDI-20-022 // ZDI: ZDI-20-072 // ZDI: ZDI-20-082 // ZDI: ZDI-20-042 // ZDI: ZDI-20-115 // CNVD: CNVD-2020-00281 // VULHUB: VHN-148085 // NVD: CVE-2019-15984

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20200102-dcnm-sql-inject

Trust: 12.9

url:http://packetstormsecurity.com/files/156239/cisco-data-center-network-manager-11.2.1-sql-injection.html

Trust: 1.1

sources: ZDI: ZDI-20-110 // ZDI: ZDI-20-020 // ZDI: ZDI-20-099 // ZDI: ZDI-20-096 // ZDI: ZDI-20-085 // ZDI: ZDI-20-038 // ZDI: ZDI-20-032 // ZDI: ZDI-20-092 // ZDI: ZDI-20-112 // ZDI: ZDI-20-105 // ZDI: ZDI-20-052 // ZDI: ZDI-20-022 // ZDI: ZDI-20-072 // ZDI: ZDI-20-082 // ZDI: ZDI-20-042 // ZDI: ZDI-20-115 // CNVD: CNVD-2020-00281 // VULHUB: VHN-148085 // NVD: CVE-2019-15984

CREDITS

Steven Seeley (mr_me) of Source Incite

Trust: 11.2

sources: ZDI: ZDI-20-110 // ZDI: ZDI-20-020 // ZDI: ZDI-20-099 // ZDI: ZDI-20-096 // ZDI: ZDI-20-085 // ZDI: ZDI-20-038 // ZDI: ZDI-20-032 // ZDI: ZDI-20-092 // ZDI: ZDI-20-112 // ZDI: ZDI-20-105 // ZDI: ZDI-20-052 // ZDI: ZDI-20-022 // ZDI: ZDI-20-072 // ZDI: ZDI-20-082 // ZDI: ZDI-20-042 // ZDI: ZDI-20-115

SOURCES

db:ZDIid:ZDI-20-110
db:ZDIid:ZDI-20-020
db:ZDIid:ZDI-20-099
db:ZDIid:ZDI-20-096
db:ZDIid:ZDI-20-085
db:ZDIid:ZDI-20-038
db:ZDIid:ZDI-20-032
db:ZDIid:ZDI-20-092
db:ZDIid:ZDI-20-112
db:ZDIid:ZDI-20-105
db:ZDIid:ZDI-20-052
db:ZDIid:ZDI-20-022
db:ZDIid:ZDI-20-072
db:ZDIid:ZDI-20-082
db:ZDIid:ZDI-20-042
db:ZDIid:ZDI-20-115
db:CNVDid:CNVD-2020-00281
db:VULHUBid:VHN-148085
db:NVDid:CVE-2019-15984

LAST UPDATE DATE

2024-11-20T22:28:50.142000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-20-110date:2020-01-03T00:00:00
db:ZDIid:ZDI-20-020date:2020-01-03T00:00:00
db:ZDIid:ZDI-20-099date:2020-01-03T00:00:00
db:ZDIid:ZDI-20-096date:2020-01-03T00:00:00
db:ZDIid:ZDI-20-085date:2020-01-03T00:00:00
db:ZDIid:ZDI-20-038date:2020-01-03T00:00:00
db:ZDIid:ZDI-20-032date:2020-01-03T00:00:00
db:ZDIid:ZDI-20-092date:2020-01-03T00:00:00
db:ZDIid:ZDI-20-112date:2020-01-03T00:00:00
db:ZDIid:ZDI-20-105date:2020-01-03T00:00:00
db:ZDIid:ZDI-20-052date:2020-01-03T00:00:00
db:ZDIid:ZDI-20-022date:2020-01-03T00:00:00
db:ZDIid:ZDI-20-072date:2020-01-03T00:00:00
db:ZDIid:ZDI-20-082date:2020-01-03T00:00:00
db:ZDIid:ZDI-20-042date:2020-01-03T00:00:00
db:ZDIid:ZDI-20-115date:2020-01-03T00:00:00
db:CNVDid:CNVD-2020-00281date:2020-01-03T00:00:00
db:VULHUBid:VHN-148085date:2023-02-02T00:00:00
db:NVDid:CVE-2019-15984date:2023-02-02T19:19:58.673

SOURCES RELEASE DATE

db:ZDIid:ZDI-20-110date:2020-01-03T00:00:00
db:ZDIid:ZDI-20-020date:2020-01-03T00:00:00
db:ZDIid:ZDI-20-099date:2020-01-03T00:00:00
db:ZDIid:ZDI-20-096date:2020-01-03T00:00:00
db:ZDIid:ZDI-20-085date:2020-01-03T00:00:00
db:ZDIid:ZDI-20-038date:2020-01-03T00:00:00
db:ZDIid:ZDI-20-032date:2020-01-03T00:00:00
db:ZDIid:ZDI-20-092date:2020-01-03T00:00:00
db:ZDIid:ZDI-20-112date:2020-01-03T00:00:00
db:ZDIid:ZDI-20-105date:2020-01-03T00:00:00
db:ZDIid:ZDI-20-052date:2020-01-03T00:00:00
db:ZDIid:ZDI-20-022date:2020-01-03T00:00:00
db:ZDIid:ZDI-20-072date:2020-01-03T00:00:00
db:ZDIid:ZDI-20-082date:2020-01-03T00:00:00
db:ZDIid:ZDI-20-042date:2020-01-03T00:00:00
db:ZDIid:ZDI-20-115date:2020-01-03T00:00:00
db:CNVDid:CNVD-2020-00281date:2020-01-03T00:00:00
db:VULHUBid:VHN-148085date:2020-01-06T00:00:00
db:NVDid:CVE-2019-15984date:2020-01-06T08:15:11.440