Lucene search
K
CiscoData Center Network Manager*

50 matches found

CVE
CVE
added 2021/12/10 12:0 a.m.6786 views

CVE-2021-44228

CVE-2021-44228 (Log4Shell) affects Apache Log4j2 2.0-beta9 through 2.15.0 (excluding some security releases) and is specific to log4j-core. The vulnerability arises from JNDI features used in configuration, log messages, and parameters, which can be exploited when an attacker can control log mess...

10CVSS10AI score0.99999EPSS
In wild
CVE
CVE
added 2020/01/06 7:45 a.m.114 views

CVE-2019-15977

CVE-2019-15977 refers to authentication bypass vulnerabilities in Cisco Data Center Network Manager (DCNM). Connected data shows concrete details: DCNM 11.2.1 is affected via LanFabricImpl, enabling command injection leading to remote code execution (RCE) with root-like access demonstrated in exp...

9.8CVSS7.9AI score0.3811EPSS
CVE
CVE
added 2020/01/06 7:40 a.m.110 views

CVE-2019-15975

Cisco DCNM has authentication bypass vulnerabilities in versions prior to 11.3(1) that allow an unauthenticated, remote attacker to bypass login and perform administrative actions. The issues stem from a shared static encryption key across installations, enabling bypass via REST/SOAP APIs and web...

10CVSS9.9AI score0.85649EPSS
CVE
CVE
added 2020/01/06 7:45 a.m.108 views

CVE-2019-15999

CVE-2019-15999 concerns Cisco DCNM where JBOSS EAP authentication is misconfigured, allowing an authenticated, remote attacker to access JBOSS EAP on affected DCNM instances. Technical details from connected advisories indicate the flaw stems from incorrect authentication settings in JBOSS EAP, e...

6.3CVSS6.3AI score0.03647EPSS
CVE
CVE
added 2020/01/06 7:40 a.m.99 views

CVE-2019-15976

CVE-2019-15976 concerns authentication bypass vulnerabilities in Cisco Data Center Network Manager (DCNM). Multiple independent sources (NVD entry, Cisco advisory, Nessus/CISCO bundle, and exploitation references) indicate an unauthenticated remote attacker could bypass DCNM authentication and pe...

10CVSS9.9AI score0.92835EPSS
CVE
CVE
added 2024/11/18 3:53 p.m.95 views

CVE-2020-3538

Cisco DCNM (Data Center Network Manager) contains a path traversal vulnerability in a REST API endpoint that allows an authenticated, remote attacker to overwrite or list arbitrary files on affected devices. The issue stems from insufficient path restrictions, exploitable by sending crafted HTTP ...

8.1CVSS5.1AI score0.00502EPSS
CVE
CVE
added 2020/07/31 12:0 a.m.90 views

CVE-2020-3386

CVE-2020-3386 concerns Cisco Data Center Network Manager (DCNM) REST API: an authenticated, low-privileged user can bypass API authorization due to insufficient access controls and perform arbitrary actions with administrative privileges. Affected are DCNM deployments exposing the REST API; multi...

9CVSS8.6AI score0.02042EPSS
CVE
CVE
added 2021/01/20 8:10 p.m.90 views

CVE-2021-1247

Cisco Data Center Network Manager (DCNM) is affected by multiple SQL injection vulnerabilities in REST API endpoints. The root cause, as described in linked advisories, is insufficient input validation in DCNM REST API handling, which could allow an authenticated, remote attacker to execute arbit...

8.8CVSS9.2AI score0.01901EPSS
CVE
CVE
added 2020/01/06 7:45 a.m.87 views

CVE-2019-15984

CVE-2019-15984 concerns Cisco Data Center Network Manager (DCNM) with SQL Injection in the REST and SOAP APIs. The vulnerability arises from insufficient input validation, allowing an authenticated, remote attacker with administrative privileges to execute arbitrary SQL commands on the DCNM backe...

9CVSS8.1AI score0.46935EPSS
CVE
CVE
added 2020/02/19 7:16 p.m.83 views

CVE-2020-3112

CVE-2020-3112 is a privilege-escalation vulnerability in Cisco Data Center Network Manager (DCNM) REST API. The issue stems from insufficient access control validation, allowing an authenticated, low-privilege user to send crafted API requests and interact with the API with administrative privile...

8.8CVSS8.6AI score0.01452EPSS
CVE
CVE
added 2020/07/31 12:0 a.m.83 views

CVE-2020-3382

Cisco DCNM (Data Center Network Manager) suffers an authentication-bypass via the REST API caused by shared static encryption keys across installations. An unauthenticated, remote attacker could craft a valid session token and perform arbitrary actions with administrative privileges on affected d...

10CVSS9.9AI score0.02296EPSS
CVE
CVE
added 2020/07/31 12:0 a.m.83 views

CVE-2020-3383

DCNM Path Traversal (CVE-2020-3383) affects Cisco Data Center Network Manager’s archive utility. An authenticated, remote attacker can exploit lack of input validation for paths embedded in archive files to perform directory traversal, potentially writing arbitrary files with the privileges of th...

9CVSS8.6AI score0.07038EPSS
CVE
CVE
added 2020/01/06 7:45 a.m.82 views

CVE-2019-15978

CVE-2019-15978 relates to Cisco Data Center Network Manager (DCNM). The issue is a command-injection vulnerability in the REST and SOAP API endpoints, arising from improper validation of user-supplied input. An authenticated, remote attacker with administrative privileges can inject arbitrary OS ...

9CVSS7.4AI score0.37458EPSS
CVE
CVE
added 2020/02/19 7:16 p.m.82 views

CVE-2020-3113

CVE-2020-3113 affects Cisco Data Center Network Manager (DCNM) web-based management interface. The vulnerability arises from insufficient validation of user-supplied input, enabling stored XSS when a user is enticed to click a crafted link. Impact could be execution of arbitrary script in the int...

5.4CVSS5AI score0.00628EPSS
CVE
CVE
added 2020/07/31 12:0 a.m.78 views

CVE-2020-3460

Cisco Data Center Network Manager (DCNM) web-based management interface is affected by an unauthenticated XSS vulnerability (CVE-2020-3460). The issue stems from improper validation of user-supplied input, allowing an attacker to inject malicious data into an HTTP header to execute script code in...

6.1CVSS5.4AI score0.00716EPSS
CVE
CVE
added 2020/07/31 12:1 a.m.77 views

CVE-2020-3461

Cisco Data Center Network Manager (DCNM) exposes an information-disclosure vulnerability in its web-based management interface caused by missing authentication on a specific part of the interface. The flaw enables an unauthenticated, remote attacker to read confidential information from an affect...

5.3CVSS5.1AI score0.01218EPSS
CVE
CVE
added 2021/01/20 8:11 p.m.75 views

CVE-2021-1249

Cisco Data Center Network Manager (DCNM) web-based management interface harbors cross-site scripting (XSS) and reflected file download (RFD) vulnerabilities. The root cause cited across sources is insufficient input validation in the DCNM web UI, enabling a remote attacker with network-operator p...

6.5CVSS5.7AI score0.00614EPSS
CVE
CVE
added 2021/01/20 8:10 p.m.73 views

CVE-2021-1248

CVE-2021-1248 affects Cisco Data Center Network Manager (DCNM) with multiple SQL injection vulnerabilities in certain REST API endpoints. An authenticated, remote attacker could execute arbitrary SQL commands on an affected device. Connected sources confirm DCNM SQL-injection vulnerabilities and ...

8.8CVSS8.4AI score0.01885EPSS
CVE
CVE
added 2020/01/06 7:45 a.m.72 views

CVE-2019-15979

CVE-2019-15979 affects Cisco Data Center Network Manager (DCNM). The issue is a command-injection vulnerability in the REST and SOAP API endpoints caused by insufficient input validation, exploitable by an authenticated user with administrative privileges to inject arbitrary OS commands. The affe...

9CVSS7.5AI score0.03304EPSS
CVE
CVE
added 2020/02/19 7:16 p.m.70 views

CVE-2020-3114

CVE-2020-3114 is a CSRF vulnerability in Cisco Data Center Network Manager (DCNM) web-based management interface. The root cause is insufficient CSRF protections, enabling an unauthenticated, remote attacker to persuade a logged-in user to perform arbitrary actions with the user’s privileges. Aff...

8.8CVSS9AI score0.00566EPSS
CVE
CVE
added 2021/01/20 8:11 p.m.70 views

CVE-2021-1135

CVE-2021-1135 concerns Cisco Data Center Network Manager (DCNM) REST API vulnerabilities. The issue arises from an incorrect denylist comparison in a REST API path, enabling an authenticated, remote attacker to view, modify, or delete data without proper authorization. Affected DCNM versions prio...

4.6CVSS4.7AI score0.00632EPSS
CVE
CVE
added 2021/01/20 7:56 p.m.69 views

CVE-2021-1277

CVE-2021-1277 relates to Cisco Data Center Network Manager (DCNM) certificate validation vulnerabilities. The root cause is insufficient certificate validation when DCNM establishes HTTPS connections, enabling an attacker to spoof a trusted host or perform a MITM to intercept/alter sensitive API ...

7.5CVSS6.6AI score0.00399EPSS
CVE
CVE
added 2020/07/31 12:0 a.m.68 views

CVE-2020-3384

CVE-2020-3384 affects Cisco Data Center Network Manager (DCNM) REST API endpoints. The root cause is inadequate validation of user-supplied input in the API, which could allow an authenticated, remote attacker to inject arbitrary commands on the underlying OS with the privileges of the logged-in ...

8.2CVSS8.1AI score0.0079EPSS
CVE
CVE
added 2021/01/20 7:57 p.m.68 views

CVE-2021-1270

CVE-2021-1270 affects Cisco Data Center Network Manager (DCNM) via vulnerabilities in the web-based management interface that allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. The root cause is failure to properly restrict access to administrat...

6.5CVSS6.4AI score0.00639EPSS
CVE
CVE
added 2018/10/05 2:0 p.m.66 views

CVE-2018-0440

CVE-2018-0440 concerns Cisco Data Center Network Manager (DCNM). The issue is in the web interface where incomplete input validation of HTTP requests allows an authenticated application administrator to execute commands on the underlying OS with root privileges. Impact is privilege escalation wit...

9CVSS7.1AI score0.02253EPSS
CVE
CVE
added 2020/08/26 4:15 p.m.66 views

CVE-2020-3518

Cisco Data Center Network Manager (DCNM) XSS (CVE-2020-3518) arises from improper validation in the web-based management interface. An authenticated, remote attacker could lure a user into clicking a crafted link, enabling arbitrary script execution in the affected interface or access to browser-...

6.5CVSS5.7AI score0.00622EPSS
CVE
CVE
added 2021/01/20 7:56 p.m.66 views

CVE-2021-1272

CVE-2021-1272 describes a SSRF in Cisco Data Center Network Manager (DCNM) where insufficient validation of parameters in a specific HTTP request allows an unauthenticated, remote attacker to bypass access controls and gain unauthorized access to the Device Manager application. The issue affects ...

8.8CVSS8.8AI score0.01284EPSS
CVE
CVE
added 2020/07/31 12:1 a.m.65 views

CVE-2020-3462

CVE-2020-3462 describes a SQL injection in Cisco Data Center Network Manager (DCNM) web UI. The root cause is improper validation of user-supplied parameters, requiring authentication to exploit. An attacker could remotely authenticate and send malicious requests to obtain or modify data in the u...

6.5CVSS6.4AI score0.00741EPSS
CVE
CVE
added 2020/07/16 5:21 p.m.64 views

CVE-2020-3349

Cisco Data Center Network Manager (DCNM) Web UI is affected by multiple XSS vulnerabilities caused by insufficient input validation. The issues allow an authenticated attacker to lure a user to click a crafted link, enabling arbitrary script execution in the interface context or access to browser...

4.8CVSS5.1AI score0.00622EPSS
CVE
CVE
added 2020/08/26 4:16 p.m.62 views

CVE-2020-3439

CVE-2020-3439 affects Cisco Data Center Network Manager (DCNM) web-based management interface. A stored XSS vulnerability arises from insufficient input validation in a data field, enabling an authenticated, remote attacker to inject script and potentially access browser-based information. Impact...

5.9CVSS5AI score0.00622EPSS
CVE
CVE
added 2021/01/20 8:11 p.m.62 views

CVE-2021-1250

CVE-2021-1250 affects Cisco Data Center Network Manager (DCNM) Web management interface. The vulnerability set includes cross-site scripting (XSS) and a reflected file download (RFD) attack, exploitable by a remote attacker with network-operator privileges. Root cause cited as insufficient input ...

6.5CVSS5.7AI score0.00614EPSS
CVE
CVE
added 2021/01/20 7:57 p.m.61 views

CVE-2021-1269

CVE-2021-1269 affects Cisco Data Center Network Manager (DCNM) web-based management interface. The advisory/image set describes an authorization bypass: an authenticated remote attacker could view, modify, and delete data without proper authorization in DCNM versions prior to the fixed release. C...

6.5CVSS6.4AI score0.00774EPSS
CVE
CVE
added 2021/01/20 7:56 p.m.61 views

CVE-2021-1283

Cisco Data Center Network Manager (DCNM) is affected by an information-disclosure vulnerability in its logging subsystem. The issue arises because sensitive data is not properly masked before being written to system log files, allowing an authenticated, local attacker with valid credentials to vi...

5.5CVSS5AI score0.00284EPSS
CVE
CVE
added 2021/01/20 7:35 p.m.59 views

CVE-2021-1133

Cisco DCNM REST API vulnerabilities allow an authenticated, remote attacker to view, modify, and delete data due to insufficient API input validation, including a path traversal issue described in CNVD-2021-09309. The CVE entry covers multiple REST API weaknesses in DCNM, affecting version prior ...

8.5CVSS5.6AI score0.01084EPSS
CVE
CVE
added 2020/01/06 7:45 a.m.58 views

CVE-2019-15983

CVE-2019-15983 is an XML External Entity (XXE) reading vulnerability in Cisco Data Center Network Manager (DCNM) SOAP API. The issue arises when the SOAP API parses certain XML files, allowing an authenticated user with administrative privileges to exploit XXE and read arbitrary files from the de...

4.9CVSS5.8AI score0.01306EPSS
CVE
CVE
added 2020/08/26 4:15 p.m.58 views

CVE-2020-3520

CVE-2020-3520 corresponds to a Cisco Data Center Network Manager (DCNM) information-disclosure vulnerability. The DCNM product's protection of confidential information is insufficient, allowing an authenticated, local attacker to access local filesystems and extract sensitive data, potentially en...

5.5CVSS5.1AI score0.00287EPSS
CVE
CVE
added 2021/01/20 7:55 p.m.58 views

CVE-2021-1286

CVE-2021-1286 affects Cisco Data Center Network Manager (DCNM) – the web-based management interface is vulnerable to cross-site scripting (XSS) and a reflected file download (RFD) when accessed by an authenticated network-operator. The root cause is insufficient input validation in the DCNM web i...

6.5CVSS6.2AI score0.0094EPSS
CVE
CVE
added 2020/01/06 7:45 a.m.57 views

CVE-2019-15980

Cisco Data Center Network Manager (DCNM) has a path traversal vulnerability (CVE-2019-15980) in the REST and SOAP API endpoints and the Application Framework. The issue arises from insufficient validation of user-supplied input, allowing an authenticated, remote attacker with administrative privi...

9CVSS7.3AI score0.4996EPSS
CVE
CVE
added 2020/07/16 5:21 p.m.57 views

CVE-2020-3380

CVE-2020-3380 concerns Cisco Data Center Network Manager (DCNM). The issue is a privilege-escalation in the DCNM CLI: an authenticated, local attacker could exploit insufficient restrictions on an affected CLI command to elevate to root and execute arbitrary OS commands. The path described involv...

7.8CVSS7.8AI score0.00602EPSS
CVE
CVE
added 2021/01/20 8:10 p.m.57 views

CVE-2021-1253

CVE-2021-1253 concerns Cisco Data Center Network Manager (DCNM) web interface: multiple vulnerabilities enabling XSS and a reflected file download (RFD) by a remote attacker with network-operator privileges. Root cause is input validation issues in the DCNM web UI (CNVD reference corroborates an ...

6.5CVSS5.7AI score0.00614EPSS
CVE
CVE
added 2020/08/26 4:15 p.m.56 views

CVE-2020-3519

Cisco Data Center Network Manager (DCNM) is affected by a REST API path-traversal vulnerability due to insufficient input validation. An authenticated, remote attacker could craft requests to the API and overwrite arbitrary files on affected devices. Public documentation references guidance that ...

8.1CVSS6.6AI score0.00969EPSS
CVE
CVE
added 2020/07/16 5:21 p.m.54 views

CVE-2020-3348

CVE-2020-3348 affects Cisco Data Center Network Manager (DCNM) Web Management Interface. The underlying issue is insufficient validation of user-supplied input, enabling cross-site scripting (XSS) by persuading a user to click a crafted link. An authenticated, remote attacker could execute arbitr...

4.8CVSS5.1AI score0.00622EPSS
CVE
CVE
added 2020/08/26 4:15 p.m.54 views

CVE-2020-3521

CVE-2020-3521 affects Cisco Data Center Network Manager (DCNM) REST API. The issue is an input-validation weakness in the API, allowing an authenticated, low-privileged attacker to perform directory/path traversal and read arbitrary files on the device. Documented in multiple sources, Cisco has r...

6.5CVSS5.7AI score0.01787EPSS
CVE
CVE
added 2021/01/20 7:58 p.m.54 views

CVE-2021-1255

Cisco DCNM REST API path and data handling vulnerabilities (CVE-2021-1255) allow an authenticated, remote attacker to view, modify, and delete data due to insufficient authorization checks in a DCNM REST endpoint. Public sources reference path traversal in DCNM versions prior to 11.4(1) and a bro...

5.5CVSS5AI score0.00668EPSS
CVE
CVE
added 2020/01/06 7:45 a.m.53 views

CVE-2019-15982

Cisco DCNM

9CVSS7.4AI score0.14322EPSS
CVE
CVE
added 2020/01/06 7:45 a.m.52 views

CVE-2019-15981

Cisco DCNM CVE-2019-15981 involves multiple directory traversal vulnerabilities in the REST and SOAP API endpoints and the Application Framework. An authenticated, remote attacker with administrative privileges could exploit path traversal flaws to read, write, or execute arbitrary files on affec...

9CVSS7.3AI score0.14322EPSS
CVE
CVE
added 2020/01/06 7:45 a.m.51 views

CVE-2019-15985

CVE-2019-15985 corresponds to multiple SQL injection vulnerabilities in Cisco Data Center Network Manager (DCNM) REST and SOAP APIs. Affected versions are DCNM prior to 11.3(1). An authenticated, remote attacker with administrative privileges can exploit insufficient input validation to execute a...

9CVSS7.9AI score0.03304EPSS
CVE
CVE
added 2020/08/26 4:15 p.m.51 views

CVE-2020-3523

The CVE-2020-3523 entry concerns Cisco Data Center Network Manager (DCNM). The connected documents confirm a cross-site scripting (XSS) vulnerability in the DCNM web-based management interface, exploitable by an authenticated, remote attacker who can lure a user into clicking a crafted link. The ...

6.5CVSS5.7AI score0.00622EPSS
CVE
CVE
added 2021/01/20 7:56 p.m.51 views

CVE-2021-1276

Cisco Data Center Network Manager (DCNM) contains certificate-validation vulnerabilities that arise when establishing HTTPS connections, due to insufficient certificate validation. These flaws could allow an attacker to spoof a trusted host or mount a man-in-the-middle to extract sensitive inform...

7.5CVSS6.6AI score0.00399EPSS
CVE
CVE
added 2020/08/26 4:15 p.m.42 views

CVE-2020-3522

Cisco Data Center Network Manager (DCNM) Web Management Interface contains an Authorization Bypass vulnerability that can be exploited by an authenticated attacker via a crafted URL to access resources intended for administrators, enabling add/delete/edit of network configurations with admin priv...

6.5CVSS6.2AI score0.00805EPSS