Vulnerability in Cisco Data Center Network Manager
CVE-2019-1622
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. The vulnerability is due to improp…
EPSS: 0.845 (99.3th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N.
Affected products
- Cisco Data Center Network Manager — versions unspecified
Weakness classification (CWE)
Public proof-of-concept exploits
References
- 20190626 Cisco Data Center Network Manager Information Disclosure Vulnerability (vendor-advisory, x_refsource_CISCO)
- 108908 (vdb-entry, x_refsource_BID)
- 20190708 Cisco Data Center Manager multiple vulns; RCE as root (mailing-list, x_refsource_BUGTRAQ)
- packetstormsecurity.com/files/153546/Cisco-Data-Center-Network-Manager-11.1-1-R… (x_refsource_MISC)
- 20190709 Cisco Data Center Manager multiple vulns; RCE as root (mailing-list, x_refsource_FULLDISC)
- packetstormsecurity.com/files/154304/Cisco-Data-Center-Network-Manager-Unauthen… (x_refsource_MISC)
Frequently asked questions
- What is CVE-2019-1622?
- CVE-2019-1622 is a medium-severity vulnerability in Cisco Data Center Network Manager, classified under Improper Access Control. CVSS score: 5.3/10. Published 2019-06-27.
- How severe is CVE-2019-1622?
- Medium severity. CVSS v3 base score is 5.3 out of 10.
- Is CVE-2019-1622 known to be exploited?
- 5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.