CVE-2019-15984 — Vulnetix

CVE-2019-15984 PUBLISHED CVSS 7.199999809265137 HIGH

Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. To exploit these vulnerabilities, an attacker would need administrative privileges on the DCNM application. For more information about these vulnerabilities, see the Details section of this advisory. Note: The severity of these vulnerabilities is aggravated by the vulnerabilities described in the Cisco Data Center Network Manager Authentication Bypass Vulnerabilities advisory, published simultaneously with this one.

EPSS 24.35% · 96.2th percentile

Risk Scores

CVSS 3.0

7.199999809265137

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Score

24.35%

96.2th percentile

Affected Products

Vendor	Product	Versions
Cisco	Cisco Data Center Network Manager	unspecified
cisco	data_center_network_manager	0

Exploit Intelligence

http://packetstormsecurity.com/files/156239/Cisco-Data-Center-Network-Manager-11.2.1-SQL-Injection.html (nist-nvd)
CIRCL exploited: CVE-2019-15984 (circl-sighting)
20200102 Cisco Data Center Network Manager SQL Injection Vulnerabilities (circl)
ET EXPLOIT Cisco Data Center Network Manager SQL Injection Inbound (CVE-2019-15984) (emergingthreats)
ET EXPLOIT Cisco Data Center Network Manager SQL Injection Inbound (CVE-2019-15984) (emergingthreats)
Cisco Data Center Network Manager 11.2.1 - (getVmHostData) SQL Injection Exploit (0day-today)
Cisco Data Center Network Manager 11.2.1 - (getVmHostData) SQL Injection Exploit (0day-today)

Timeline

Jan 2, 2020 CVE Published
Feb 6, 2020 PoC Published
Feb 6, 2020 PoC Published
Apr 14, 2021 EPSS Score
Jul 24, 2021 PoC Published
Aug 24, 2021 EPSS Score
Dec 27, 2021 EPSS Score
Feb 4, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Jul 3, 2022 EPSS Score
Nov 6, 2022 EPSS Score
Mar 7, 2023 EPSS Score

References

Open in Interactive Console →