Lucene search
+L
CiscoData Center Network Manager

68 matches found

CVE
CVE
added 2020/01/06 7:45 a.m.60 views

CVE-2019-15980

Cisco Data Center Network Manager (DCNM) has a path traversal vulnerability (CVE-2019-15980) in the REST and SOAP API endpoints and the Application Framework. The issue arises from insufficient validation of user-supplied input, allowing an authenticated, remote attacker with administrative privi...

9CVSS7.3AI score0.4996EPSS
Web
CVE
CVE
added 2020/07/16 5:21 p.m.60 views

CVE-2020-3380

CVE-2020-3380 concerns Cisco Data Center Network Manager (DCNM). The issue is a privilege-escalation in the DCNM CLI: an authenticated, local attacker could exploit insufficient restrictions on an affected CLI command to elevate to root and execute arbitrary OS commands. The path described involv...

7.8CVSS7.8AI score0.00602EPSS
CVE
CVE
added 2021/01/20 8:10 p.m.60 views

CVE-2021-1253

CVE-2021-1253 concerns Cisco Data Center Network Manager (DCNM) web interface: multiple vulnerabilities enabling XSS and a reflected file download (RFD) by a remote attacker with network-operator privileges. Root cause is input validation issues in the DCNM web UI (CNVD reference corroborates an ...

6.5CVSS5.7AI score0.00614EPSS
CVE
CVE
added 2020/08/26 4:15 p.m.59 views

CVE-2020-3519

Cisco Data Center Network Manager (DCNM) is affected by a REST API path-traversal vulnerability due to insufficient input validation. An authenticated, remote attacker could craft requests to the API and overwrite arbitrary files on affected devices. Public documentation references guidance that ...

8.1CVSS6.6AI score0.00969EPSS
CVE
CVE
added 2018/10/05 2:0 p.m.58 views

CVE-2018-0450

CVE-2018-0450 concerns Cisco Data Center Network Manager (DCNM). The vulnerability is in the web-based management interface, caused by insufficient validation of user-supplied input, enabling an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack by tricking a user int...

6.1CVSS6AI score0.00918EPSS
CVE
CVE
added 2017/11/30 9:0 a.m.57 views

CVE-2017-12346

CVE-2017-12346 affects Cisco Data Center Network Manager (DCNM). Connected documents confirm multiple vulnerabilities in DCNM Software that could let a remote attacker inject arbitrary values into DCNM configuration parameters, redirect users to malicious websites, inject content into a DCNM clie...

6.1CVSS6AI score0.0085EPSS
CVE
CVE
added 2020/07/16 5:21 p.m.57 views

CVE-2020-3348

CVE-2020-3348 affects Cisco Data Center Network Manager (DCNM) Web Management Interface. The underlying issue is insufficient validation of user-supplied input, enabling cross-site scripting (XSS) by persuading a user to click a crafted link. An authenticated, remote attacker could execute arbitr...

4.8CVSS5.1AI score0.00622EPSS
CVE
CVE
added 2020/01/06 7:45 a.m.56 views

CVE-2019-15982

Cisco DCNM

9CVSS7.4AI score0.14322EPSS
CVE
CVE
added 2020/01/06 7:45 a.m.56 views

CVE-2019-15985

CVE-2019-15985 corresponds to multiple SQL injection vulnerabilities in Cisco Data Center Network Manager (DCNM) REST and SOAP APIs. Affected versions are DCNM prior to 11.3(1). An authenticated, remote attacker with administrative privileges can exploit insufficient input validation to execute a...

9CVSS7.9AI score0.03304EPSS
CVE
CVE
added 2020/08/26 4:15 p.m.56 views

CVE-2020-3521

CVE-2020-3521 affects Cisco Data Center Network Manager (DCNM) REST API. The issue is an input-validation weakness in the API, allowing an authenticated, low-privileged attacker to perform directory/path traversal and read arbitrary files on the device. Documented in multiple sources, Cisco has r...

6.5CVSS5.7AI score0.01787EPSS
CVE
CVE
added 2021/01/20 7:58 p.m.56 views

CVE-2021-1255

Cisco DCNM REST API path and data handling vulnerabilities (CVE-2021-1255) allow an authenticated, remote attacker to view, modify, and delete data due to insufficient authorization checks in a DCNM REST endpoint. Public sources reference path traversal in DCNM versions prior to 11.4(1) and a bro...

5.5CVSS5AI score0.00668EPSS
CVE
CVE
added 2020/01/06 7:45 a.m.55 views

CVE-2019-15981

Cisco DCNM CVE-2019-15981 involves multiple directory traversal vulnerabilities in the REST and SOAP API endpoints and the Application Framework. An authenticated, remote attacker with administrative privileges could exploit path traversal flaws to read, write, or execute arbitrary files on affec...

9CVSS7.3AI score0.14322EPSS
CVE
CVE
added 2017/11/30 9:0 a.m.54 views

CVE-2017-12347

CVE-2017-12347 affects Cisco Data Center Network Manager (DCNM) Software. Connected documents confirm multiple vulnerabilities in DCNM that could allow a remote attacker to inject arbitrary values into configuration parameters, redirect users to malicious sites, inject content into a DCNM client ...

6.1CVSS6AI score0.0085EPSS
CVE
CVE
added 2020/08/26 4:15 p.m.54 views

CVE-2020-3523

The CVE-2020-3523 entry concerns Cisco Data Center Network Manager (DCNM). The connected documents confirm a cross-site scripting (XSS) vulnerability in the DCNM web-based management interface, exploitable by an authenticated, remote attacker who can lure a user into clicking a crafted link. The ...

6.5CVSS5.7AI score0.00622EPSS
CVE
CVE
added 2021/01/20 7:56 p.m.54 views

CVE-2021-1276

Cisco Data Center Network Manager (DCNM) contains certificate-validation vulnerabilities that arise when establishing HTTPS connections, due to insufficient certificate validation. These flaws could allow an attacker to spoof a trusted host or mount a man-in-the-middle to extract sensitive inform...

7.5CVSS6.6AI score0.00399EPSS
CVE
CVE
added 2017/11/30 9:0 a.m.53 views

CVE-2017-12344

Cisco DCNM Software contains multiple vulnerabilities described in CVE-2017-12344 involving the web interface: an HTTP injection/input-validation failure in DCNM’s HTTP headers/parameters could let a remote attacker inject arbitrary configuration values, redirect users to malicious sites, and inj...

6.1CVSS6AI score0.00926EPSS
CVE
CVE
added 2020/08/26 4:15 p.m.46 views

CVE-2020-3522

Cisco Data Center Network Manager (DCNM) Web Management Interface contains an Authorization Bypass vulnerability that can be exploited by an authenticated attacker via a crafted URL to access resources intended for administrators, enabling add/delete/edit of network configurations with admin priv...

6.5CVSS6.2AI score0.00805EPSS
CVE
CVE
added 2017/08/07 6:0 a.m.41 views

CVE-2011-4650

CVE-2011-4650 affects Cisco Data Center Network Manager. The issue is caused by Excessive Logging During a TCP Flood on Java Ports, where an oversized server.log leads to increased CPU utilization. Affected release: 5.2(1). Fixed releases: 6.0(0)SL1(0.14) and 5.2(2.73)S0. Practical impact is incr...

7.5CVSS7.5AI score0.01341EPSS
Total number of security vulnerabilities68