55 matches found
EUVD-2020-24790
Malware in sbrugna...
EUVD-2020-24809
Malware in sbrugna...
Cisco DCNM Auth Bypass
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'securerandom' require 'base64' class MetasploitModule 'Cisco DCNM auth bypass', 'Description' = %q This exploit is able to add an admin account to a Cisco DCNM...
Cisco DCNM auth bypass
This exploit is able to add an admin account to a Cisco DCNM with credentials you can choose. After that, you can login to the web interface with those credentials. The only necessary condition is the more or less recent connection of an admin as this exploit uses a kind of session stealing. Modu...
CVE-2021-1283
A vulnerability in the logging subsystem of Cisco Data Center Network Manager DCNM could allow an authenticated, local attacker to view sensitive information in a system log file that should be restricted. The vulnerability exists because sensitive information is not properly masked before it is...
CVE-2021-1276
Multiple vulnerabilities in Cisco Data Center Network Manager DCNM could allow an attacker to spoof a trusted host or construct a man-in-the-middle attack to extract sensitive information or alter certain API requests. These vulnerabilities are due to insufficient certificate validation when...
CVE-2021-1253
Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager DCNM could allow a remote attacker with network-operator privileges to conduct a cross-site scripting XSS attack or a reflected file download RFD attack against a user of the interface. For more...
Cross site scripting
Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager DCNM could allow a remote attacker with network-operator privileges to conduct a cross-site scripting XSS attack or a reflected file download RFD attack against a user of the interface. For more...
Design/Logic Flaw
Multiple vulnerabilities in Cisco Data Center Network Manager DCNM could allow an attacker to spoof a trusted host or construct a man-in-the-middle attack to extract sensitive information or alter certain API requests. These vulnerabilities are due to insufficient certificate validation when...
CVE-2020-3522
A vulnerability in the web-based management interface of Cisco Data Center Network Manager DCNM Software could allow an authenticated, remote attacker to bypass authorization on an affected device and access sensitive information that is related to the device. The vulnerability exists because the...
Path traversal
A vulnerability in a specific REST API method of Cisco Data Center Network Manager DCNM Software could allow an authenticated, remote attacker to conduct a path traversal attack on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the API. An attack...
Cross site scripting
A vulnerability in the web-based management interface of Cisco Data Center Network Manager DCNM Software could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. The vulnerability exists because the web-based management interface...
CVE-2020-3521 Cisco Data Center Network Manager Read File Path Traversal Vulnerability
A vulnerability in a specific REST API of Cisco Data Center Network Manager DCNM Software could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the API. An attacker...
CVE-2020-3462
A vulnerability in the web-based management interface of Cisco Data Center Network Manager DCNM could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability is due to improper validation of user-submitted parameters. An attacker could...
CVE-2020-3382
A vulnerability in the REST API of Cisco Data Center Network Manager DCNM could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability exists because different installations share a...
CVE-2020-3461
A vulnerability in the web-based management interface of Cisco Data Center Network Manager DCNM could allow an unauthenticated, remote attacker to obtain confidential information from an affected device. The vulnerability is due to missing authentication on a specific part of the web-based...
CVE-2020-3384
A vulnerability in specific REST API endpoints of Cisco Data Center Network Manager DCNM could allow an authenticated, remote attacker to inject arbitrary commands on the underlying operating system with the privileges of the logged-in user. The vulnerability is due to insufficient validation of...
CVE-2020-3376
A vulnerability in the Device Manager application of Cisco Data Center Network Manager DCNM could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions on an affected device. The vulnerability is due to a failure in the software to perform proper...
Authorization
A vulnerability in the REST API endpoint of Cisco Data Center Network Manager DCNM could allow an authenticated, remote attacker with a low-privileged account to bypass authorization on the API of an affected device. The vulnerability is due to insufficient authorization of certain API functions...
Authentication flaw
A vulnerability in the Device Manager application of Cisco Data Center Network Manager DCNM could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions on an affected device. The vulnerability is due to a failure in the software to perform proper...