Vulnerability in Cisco Data Center Network Manager
CVE-2019-1620
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to upload arbitrary files on an affected device. The vulnerability is due to incorrect permis…
EPSS: 0.856 (99.4th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Cisco Data Center Network Manager — versions unspecified
Weakness classification (CWE)
Public proof-of-concept exploits
References
- 20190626 Cisco Data Center Network Manager Arbitrary File Upload and Remote Code Execution Vulnerability (vendor-advisory, x_refsource_CISCO)
- 108906 (vdb-entry, x_refsource_BID)
- 20190708 Cisco Data Center Manager multiple vulns; RCE as root (mailing-list, x_refsource_BUGTRAQ)
- packetstormsecurity.com/files/153546/Cisco-Data-Center-Network-Manager-11.1-1-R… (x_refsource_MISC)
- 20190709 Cisco Data Center Manager multiple vulns; RCE as root (mailing-list, x_refsource_FULLDISC)
- packetstormsecurity.com/files/154304/Cisco-Data-Center-Network-Manager-Unauthen… (x_refsource_MISC)
Frequently asked questions
- What is CVE-2019-1620?
- CVE-2019-1620 is a critical-severity vulnerability in Cisco Data Center Network Manager, classified under CWE-264. CVSS score: 9.8/10. Published 2019-06-27.
- How severe is CVE-2019-1620?
- Critical severity. CVSS v3 base score is 9.8 out of 10.
- Is CVE-2019-1620 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.