68 matches found
CVE-2019-15980
Cisco Data Center Network Manager (DCNM) has a path traversal vulnerability (CVE-2019-15980) in the REST and SOAP API endpoints and the Application Framework. The issue arises from insufficient validation of user-supplied input, allowing an authenticated, remote attacker with administrative privi...
CVE-2020-3380
CVE-2020-3380 concerns Cisco Data Center Network Manager (DCNM). The issue is a privilege-escalation in the DCNM CLI: an authenticated, local attacker could exploit insufficient restrictions on an affected CLI command to elevate to root and execute arbitrary OS commands. The path described involv...
CVE-2021-1253
CVE-2021-1253 concerns Cisco Data Center Network Manager (DCNM) web interface: multiple vulnerabilities enabling XSS and a reflected file download (RFD) by a remote attacker with network-operator privileges. Root cause is input validation issues in the DCNM web UI (CNVD reference corroborates an ...
CVE-2020-3519
Cisco Data Center Network Manager (DCNM) is affected by a REST API path-traversal vulnerability due to insufficient input validation. An authenticated, remote attacker could craft requests to the API and overwrite arbitrary files on affected devices. Public documentation references guidance that ...
CVE-2018-0450
CVE-2018-0450 concerns Cisco Data Center Network Manager (DCNM). The vulnerability is in the web-based management interface, caused by insufficient validation of user-supplied input, enabling an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack by tricking a user int...
CVE-2017-12346
CVE-2017-12346 affects Cisco Data Center Network Manager (DCNM). Connected documents confirm multiple vulnerabilities in DCNM Software that could let a remote attacker inject arbitrary values into DCNM configuration parameters, redirect users to malicious websites, inject content into a DCNM clie...
CVE-2020-3348
CVE-2020-3348 affects Cisco Data Center Network Manager (DCNM) Web Management Interface. The underlying issue is insufficient validation of user-supplied input, enabling cross-site scripting (XSS) by persuading a user to click a crafted link. An authenticated, remote attacker could execute arbitr...
CVE-2019-15982
Cisco DCNM
CVE-2019-15985
CVE-2019-15985 corresponds to multiple SQL injection vulnerabilities in Cisco Data Center Network Manager (DCNM) REST and SOAP APIs. Affected versions are DCNM prior to 11.3(1). An authenticated, remote attacker with administrative privileges can exploit insufficient input validation to execute a...
CVE-2020-3521
CVE-2020-3521 affects Cisco Data Center Network Manager (DCNM) REST API. The issue is an input-validation weakness in the API, allowing an authenticated, low-privileged attacker to perform directory/path traversal and read arbitrary files on the device. Documented in multiple sources, Cisco has r...
CVE-2021-1255
Cisco DCNM REST API path and data handling vulnerabilities (CVE-2021-1255) allow an authenticated, remote attacker to view, modify, and delete data due to insufficient authorization checks in a DCNM REST endpoint. Public sources reference path traversal in DCNM versions prior to 11.4(1) and a bro...
CVE-2019-15981
Cisco DCNM CVE-2019-15981 involves multiple directory traversal vulnerabilities in the REST and SOAP API endpoints and the Application Framework. An authenticated, remote attacker with administrative privileges could exploit path traversal flaws to read, write, or execute arbitrary files on affec...
CVE-2017-12347
CVE-2017-12347 affects Cisco Data Center Network Manager (DCNM) Software. Connected documents confirm multiple vulnerabilities in DCNM that could allow a remote attacker to inject arbitrary values into configuration parameters, redirect users to malicious sites, inject content into a DCNM client ...
CVE-2020-3523
The CVE-2020-3523 entry concerns Cisco Data Center Network Manager (DCNM). The connected documents confirm a cross-site scripting (XSS) vulnerability in the DCNM web-based management interface, exploitable by an authenticated, remote attacker who can lure a user into clicking a crafted link. The ...
CVE-2021-1276
Cisco Data Center Network Manager (DCNM) contains certificate-validation vulnerabilities that arise when establishing HTTPS connections, due to insufficient certificate validation. These flaws could allow an attacker to spoof a trusted host or mount a man-in-the-middle to extract sensitive inform...
CVE-2017-12344
Cisco DCNM Software contains multiple vulnerabilities described in CVE-2017-12344 involving the web interface: an HTTP injection/input-validation failure in DCNM’s HTTP headers/parameters could let a remote attacker inject arbitrary configuration values, redirect users to malicious sites, and inj...
CVE-2020-3522
Cisco Data Center Network Manager (DCNM) Web Management Interface contains an Authorization Bypass vulnerability that can be exploited by an authenticated attacker via a crafted URL to access resources intended for administrators, enabling add/delete/edit of network configurations with admin priv...
CVE-2011-4650
CVE-2011-4650 affects Cisco Data Center Network Manager. The issue is caused by Excessive Logging During a TCP Flood on Java Ports, where an oversized server.log leads to increased CPU utilization. Affected release: 5.2(1). Fixed releases: 6.0(0)SL1(0.14) and 5.2(2.73)S0. Practical impact is incr...