Details of VAR-202001-0785

ID

VAR-202001-0785

CVE

CVE-2019-15985

TITLE

Cisco Data Center Network Manager In SQL Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-013738

DESCRIPTION

Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. To exploit these vulnerabilities, an attacker would need administrative privileges on the DCNM application. For more information about these vulnerabilities, see the Details section of this advisory. Note: The severity of these vulnerabilities is aggravated by the vulnerabilities described in the Cisco Data Center Network Manager Authentication Bypass Vulnerabilities advisory, published simultaneously with this one. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.The specific flaw exists within the processing of requests to the DbInventoryWSService/DbInventoryWS service. When parsing the first parameter of the getEndPortConnectionsForStorageEnclosure endpoint, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. The vulnerability stems from insufficient input validation provided by the user to the API. The system is available for Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting functions

Trust: 3.51

sources: NVD: CVE-2019-15985 // JVNDB: JVNDB-2019-013738 // ZDI: ZDI-20-061 // ZDI: ZDI-20-062 // CNVD: CNVD-2020-00282 // VULHUB: VHN-148086

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-00282

AFFECTED PRODUCTS

vendor:	cisco	model:	data center network manager	scope:	-	version:	-	Trust: 2.2
vendor:	cisco	model:	data center network manager	scope:	lt	version:	11.3\(1\)	Trust: 1.0
vendor:	cisco	model:	data center network manager	scope:	lt	version:	11.3(1)	Trust: 0.6
vendor:	cisco	model:	data center network manager	scope:	eq	version:	10.31	Trust: 0.6
vendor:	cisco	model:	data center network manager	scope:	eq	version:	4.0	Trust: 0.6
vendor:	cisco	model:	data center network manager	scope:	eq	version:	10.41	Trust: 0.6
vendor:	cisco	model:	data center network manager	scope:	eq	version:	10.21	Trust: 0.6
vendor:	cisco	model:	data center network manager	scope:	eq	version:	5.0	Trust: 0.6
vendor:	cisco	model:	data center network manager	scope:	eq	version:	10.1	Trust: 0.6
vendor:	cisco	model:	data center network manager	scope:	eq	version:	4.1	Trust: 0.6
vendor:	cisco	model:	data center network manager	scope:	eq	version:	10.42	Trust: 0.6
vendor:	cisco	model:	data center network manager	scope:	eq	version:	10.0	Trust: 0.6
vendor:	cisco	model:	data center network manager	scope:	eq	version:	4.2	Trust: 0.6

sources: ZDI: ZDI-20-061 // ZDI: ZDI-20-062 // CNVD: CNVD-2020-00282 // JVNDB: JVNDB-2019-013738 // CNNVD: CNNVD-202001-034 // NVD: CVE-2019-15985

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	CVE-2019-15985
value:	HIGH
Trust: 1.4
nvd@nist.gov:	CVE-2019-15985
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-15985
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-15985
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-00282
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202001-034
value:	HIGH
Trust: 0.6
VULHUB:	VHN-148086
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-15985
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2020-00282
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-148086
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

ykramarz@cisco.com:	CVE-2019-15985
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.0
Trust: 1.8
ZDI:	CVE-2019-15985
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.4
nvd@nist.gov:	CVE-2019-15985
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: ZDI: ZDI-20-061 // ZDI: ZDI-20-062 // CNVD: CNVD-2020-00282 // VULHUB: VHN-148086 // JVNDB: JVNDB-2019-013738 // CNNVD: CNNVD-202001-034 // NVD: CVE-2019-15985 // NVD: CVE-2019-15985

PROBLEMTYPE DATA

problemtype:

CWE-89

Trust: 1.9

sources: VULHUB: VHN-148086 // JVNDB: JVNDB-2019-013738 // NVD: CVE-2019-15985

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202001-034

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-202001-034

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013738

PATCH

title:	cisco-sa-20200102-dcnm-sql-inject	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject	Trust: 2.2
title:	Patch for Cisco Data Center Network Manager SOAP API SQL Injection Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/195961	Trust: 0.6
title:	Cisco Data Center Network Manager SQL Repair measures for injecting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=106179	Trust: 0.6

sources: ZDI: ZDI-20-061 // ZDI: ZDI-20-062 // CNVD: CNVD-2020-00282 // JVNDB: JVNDB-2019-013738 // CNNVD: CNNVD-202001-034

EXTERNAL IDS

db:	NVD	id:	CVE-2019-15985	Trust: 4.5
db:	ZDI	id:	ZDI-20-062	Trust: 1.3
db:	JVNDB	id:	JVNDB-2019-013738	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-9166	Trust: 0.7
db:	ZDI	id:	ZDI-20-061	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9167	Trust: 0.7
db:	CNNVD	id:	CNNVD-202001-034	Trust: 0.7
db:	CNVD	id:	CNVD-2020-00282	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0033	Trust: 0.6
db:	VULHUB	id:	VHN-148086	Trust: 0.1

sources: ZDI: ZDI-20-061 // ZDI: ZDI-20-062 // CNVD: CNVD-2020-00282 // VULHUB: VHN-148086 // JVNDB: JVNDB-2019-013738 // CNNVD: CNNVD-202001-034 // NVD: CVE-2019-15985

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20200102-dcnm-sql-inject	Trust: 4.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-15985	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15985	Trust: 0.8
url:	https://www.zerodayinitiative.com/advisories/zdi-20-062/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-data-center-network-manager-sql-injection-via-rest-soap-31255	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0033/	Trust: 0.6

sources: ZDI: ZDI-20-061 // ZDI: ZDI-20-062 // CNVD: CNVD-2020-00282 // VULHUB: VHN-148086 // JVNDB: JVNDB-2019-013738 // CNNVD: CNNVD-202001-034 // NVD: CVE-2019-15985

CREDITS

Steven Seeley (mr_me) of Source Incite

Trust: 1.4

sources: ZDI: ZDI-20-061 // ZDI: ZDI-20-062

SOURCES

db:	ZDI	id:	ZDI-20-061
db:	ZDI	id:	ZDI-20-062
db:	CNVD	id:	CNVD-2020-00282
db:	VULHUB	id:	VHN-148086
db:	JVNDB	id:	JVNDB-2019-013738
db:	CNNVD	id:	CNNVD-202001-034
db:	NVD	id:	CVE-2019-15985

LAST UPDATE DATE

2024-08-14T14:12:01.818000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-20-061	date:	2020-01-03T00:00:00
db:	ZDI	id:	ZDI-20-062	date:	2020-01-03T00:00:00
db:	CNVD	id:	CNVD-2020-00282	date:	2020-01-03T00:00:00
db:	VULHUB	id:	VHN-148086	date:	2020-01-08T00:00:00
db:	JVNDB	id:	JVNDB-2019-013738	date:	2020-01-15T00:00:00
db:	CNNVD	id:	CNNVD-202001-034	date:	2020-01-17T00:00:00
db:	NVD	id:	CVE-2019-15985	date:	2020-01-08T20:55:54.203

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-20-061	date:	2020-01-03T00:00:00
db:	ZDI	id:	ZDI-20-062	date:	2020-01-03T00:00:00
db:	CNVD	id:	CNVD-2020-00282	date:	2020-01-03T00:00:00
db:	VULHUB	id:	VHN-148086	date:	2020-01-06T00:00:00
db:	JVNDB	id:	JVNDB-2019-013738	date:	2020-01-15T00:00:00
db:	CNNVD	id:	CNNVD-202001-034	date:	2020-01-02T00:00:00
db:	NVD	id:	CVE-2019-15985	date:	2020-01-06T08:15:11.503