CVE-2019-15975

CRITICAL

Cisco Data Center Network Manager < 11.3(1) - Unauthenticated Remote Code Execution via Authentication Bypass

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2019-15975. PoCs published by mr_me, MR_ME, including Metasploit module auxiliary/admin/networking/cisco_dcnm_auth_bypass.

AI-analyzed exploit summary: This exploit leverages a command injection vulnerability in Cisco Data Center Network Manager (DCNM) via the SanWS importTS endpoint to achieve remote code execution. It bypasses authentication, adds a global admin user, and loads a malicious Java class from an SMB share to establish a reverse shell.

Description

Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Exploits (2)

exploitdb WORKING POC VERIFIED
by mr_me · python · webapps · java
https://www.exploit-db.com/exploits/48018

This exploit leverages a command injection vulnerability in Cisco Data Center Network Manager (DCNM) via the SanWS importTS endpoint to achieve remote code execution. It bypasses authentication, adds a global admin user, and loads a malicious Java class from an SMB share to establish a reverse shell.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Cisco Data Center Network Manager (DCNM) 11.2.1
No auth needed
Prerequisites: Network access to the target · SMB share hosting the malicious Java class · Java 8 compiled malicious class
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC
by MR_ME · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/networking/cisco_dcnm_auth_bypass.rb

This Metasploit module exploits an authentication bypass vulnerability in Cisco DCNM by crafting a token using a hardcoded AES key and adding an admin account via session stealing. It requires a recent admin connection to succeed.

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: Cisco Data Center Network Manager (DCNM)
No auth needed
Prerequisites: Recent admin session on the target · Network access to the DCNM interface
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 9.8
EPSS 0.8514
EPSS Percentile 99.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-798
Status published
Products (1)
cisco/data_center_network_manager < 11.3(1)
Published Jan 06, 2020
Tracked Since Feb 18, 2026