1. Symantec-Broadcom-Horizontal/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: CISCO Data Center Network Manager CVE-2019-1620

Web Attack: CISCO Data Center Network Manager CVE-2019-1620

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit an arbitrary file upload vulnerability in Cisco Data Center Network Manager.

Additional Information

Cisco Data Center Network Manager (DCNM) is a network management solution.

Cisco Data Center Network Manager is prone to multiple security vulnerabilities due to incorrect permission settings in affected DCNM software. Specifically, these issues occur in the web-based management interface. An attacker can exploit these issues by uploading specially crafted data to the affected device. This may allow an attacker to write arbitrary files and execute code.

A remote attacker can leverage these issues to upload arbitrary files and execute arbitrary code with the root privileges on the affected device.

Affected

  • Cisco Data Center Network Manager 11.1(1)
  • Cisco Data Center Network Manager 11.0(1)
  • Cisco Data Center Network Manager 10.4(2)
  • Cisco Data Center Network Manager 10.4(1)
  • Cisco Data Center Network Manager 10.3(1)
  • Cisco Data Center Network Manager 10.2(1)
  • Cisco Data Center Network Manager 10.1(1)
  • Cisco Data Center Network Manager 10.0(1)
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube