8 matches found
Cisco Data Center Network Manager Information Disclosure Vulnerability
An information disclosure vulnerability exists in the web-based management interface of Cisco Data Center Network Manager DCNM due to improper access controls for certain URLs on affected DCNM software. An unauthenticated, remote attacker can exploit this, by connecting to the web-based managemen...
Cisco Data Center Network Manager - Unauthenticated Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco Data Center Network Manager Unauthenticated Remote Code Execution', 'Description' = %q DCNM exposes a file upload servlet FileUploadServlet...
CVE-2019-1622
creationtimestamp| type| source ---|---|--- 2019-09-02 15:56:25+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/ciscodcnmupload2019.rb 2019-09-03 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/47347 2021-09-21 04:41:50+00:00| see...
Cisco Data Center Network Manager Unauthenticated Remote Code Execution Exploit
DCNM exposes a file upload servlet FileUploadServlet at /fm/fileUpload. An authenticated user can abuse this servlet to upload a WAR to the Apache Tomcat webapps directory and achieve remote code execution as root. This module exploits two other vulnerabilities, CVE-2019-1619 for authentication...
Cisco Data Center Network Manager Unauthenticated Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco Data Center Network Manager Unauthenticated Remote Code Execution', 'Description' = %q DCNM exposes a file upload servlet FileUploadServlet...
Cisco Data Center Network Manager Unauthenticated Remote Code Execution
DCNM exposes a file upload servlet FileUploadServlet at /fm/fileUpload. An authenticated user can abuse this servlet to upload a WAR to the Apache Tomcat webapps directory and achieve remote code execution as root. This module exploits two other vulnerabilities, CVE-2019-1619 for authentication...
CVE-2019-1622 Cisco Data Center Network Manager Information Disclosure Vulnerability
A vulnerability in the web-based management interface of Cisco Data Center Network Manager DCNM could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. The vulnerability is due to improper access controls for certain URLs on affected DCNM softwar...
CVE-2019-1622
CVE-2019-1622 describes an information-disclosure vulnerability in Cisco Data Center Network Manager (DCNM). The issue arises in the web-based management interface due to improper access control for certain URLs, allowing an unauthenticated, remote attacker to request specific URLs and potentiall...