What is CVE-2019-15975?

CVE-2019-15975 is a critical-severity vulnerability in Cisco Data Center Network Manager, classified under Use of Hard-coded Credentials. CVSS score: 9.8/10. Published 2020-01-06.

How severe is CVE-2019-15975?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Is CVE-2019-15975 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Cisco Data Center Network Manager

CVE-2019-15975

Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on…

EPSS: 0.851 (99.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Cisco Data Center Network Manager — versions unspecified

Weakness classification (CWE)

CWE-798 — Use of Hard-coded Credentials

Public proof-of-concept exploits

References

20200102 Cisco Data Center Network Manager Authentication Bypass Vulnerabilities (vendor-advisory, x_refsource_CISCO)
packetstormsecurity.com/files/156238/Cisco-Data-Center-Network-Manager-11.2-Rem… (x_refsource_MISC)

Frequently asked questions

What is CVE-2019-15975?: CVE-2019-15975 is a critical-severity vulnerability in Cisco Data Center Network Manager, classified under Use of Hard-coded Credentials. CVSS score: 9.8/10. Published 2020-01-06.
How severe is CVE-2019-15975?: Critical severity. CVSS v3 base score is 9.8 out of 10.
Is CVE-2019-15975 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.