CVE-2019-15976

CRITICAL

Cisco Data Center Network Manager < 11.3(1) - Unauthenticated Authentication Bypass via Hard-coded Credentials

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-15976.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in Cisco Data Center Network Manager (DCNM) that leads to remote code execution. It leverages an authentication bypass, SQL injection, and directory traversal to deploy a JSP shell for command execution.

Description

Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Exploits (1)

exploitdb WORKING POC
pythonwebappsjava
https://www.exploit-db.com/exploits/48019

This exploit demonstrates a SQL injection vulnerability in Cisco Data Center Network Manager (DCNM) that leads to remote code execution. It leverages an authentication bypass, SQL injection, and directory traversal to deploy a JSP shell for command execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Cisco Data Center Network Manager 11.2.1
No auth needed
Prerequisites: Network access to the target · Target running vulnerable Cisco DCNM version
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 9.8
EPSS 0.9284
EPSS Percentile 99.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-798
Status published
Products (1)
cisco/data_center_network_manager < 11.3\(1\)
Published Jan 06, 2020
Tracked Since Feb 18, 2026