CVE-2019-15999

MEDIUM

Cisco DCNM - Privilege Escalation

Title source: llm

Description

A vulnerability in the application environment of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to gain unauthorized access to the JBoss Enterprise Application Platform (JBoss EAP) on an affected device. The vulnerability is due to an incorrect configuration of the authentication settings on the JBoss EAP. An attacker could exploit this vulnerability by authenticating with a specific low-privilege account. A successful exploit could allow the attacker to gain unauthorized access to the JBoss EAP, which should be limited to internal system accounts.

Exploits (1)

exploitdb WORKING POC

by hantwister · textremotejava

https://www.exploit-db.com/exploits/47885

View Code ZIP pw:eip

References (2)

[Vendor Advisory] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-unauth-access

[Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/155870/Cisco-DCNM-JBoss-10.4-Credential-Leakage.html

Scores

CVSS v3 6.3

EPSS 0.0316

EPSS Percentile 87.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-284

Status published

Products (1)

cisco/data_center_network_manager < 11.3\(1\)

Published Jan 06, 2020

Tracked Since Feb 18, 2026