Lucene search

[email protected]CVE-2019-1622

HistoryJun 27, 2019 - 3:15 a.m.

CVE-2019-1622

2019-06-2703:15:09

CWE-284

CWE-532

[email protected]

web.nvd.nist.gov

110

cisco

dcnm

web-based management

vulnerability

cve-2019-1622

nvd

information security

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

6.9 Medium

AI Score

Confidence

Low

0.683 Medium

EPSS

Percentile

98.0%

JSON

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. The vulnerability is due to improper access controls for certain URLs on affected DCNM software. An attacker could exploit this vulnerability by connecting to the web-based management interface of an affected device and requesting specific URLs. A successful exploit could allow the attacker to download log files and diagnostic information from the affected device.

Affected configurations

NVD

Node

ciscodata_center_network_managerMatch11.0\(1\)

CPENameOperatorVersion
cisco:data_center_network_managercisco data center network managereq11.0\(1\)

CPE	Name	Operator	Version
cisco:data_center_network_manager	cisco data center network manager	eq	11.0\(1\)

CNA Affected

[
  {
    "product": "Cisco Data Center Network Manager ",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "11.2(1)",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]