CVE-2019-1620

CRITICAL

Cisco Data Center Network Manager - Path Traversal

Title source: rule

Description

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to upload arbitrary files on an affected device. The vulnerability is due to incorrect permission settings in affected DCNM software. An attacker could exploit this vulnerability by uploading specially crafted data to the affected device. A successful exploit could allow the attacker to write arbitrary files on the filesystem and execute code with root privileges on the affected device.

Exploits (1)

exploitdb WORKING POC

rubyremotejava

https://www.exploit-db.com/exploits/47347

View Code ZIP pw:eip

References (6)

[Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/153546/Cisco-Data-Center-Network-Manager-11.1-1-Remote-Code-Execution.html

[Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/154304/Cisco-Data-Center-Network-Manager-Unauthenticated-Remote-Code-Execution.html

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2019/Jul/7

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/108906

[Mailing List, Third Party Advisory] https://seclists.org/bugtraq/2019/Jul/11

[Vendor Advisory] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190626-dcnm-codex

Scores

CVSS v3 9.8

EPSS 0.8585

EPSS Percentile 99.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-22 CWE-264

Status published

Products (1)

cisco/data_center_network_manager 11.0\(1\)

Published Jun 27, 2019

Tracked Since Feb 18, 2026