cnvd - cnvd-2019-19474

cnvd-2019-19474

Vulnerability from cnvd

Title

Cisco Data Center Network Manager任意文件上传漏洞

Description

Cisco Data Center Network Manager (DCNM)是Cisco的一套数据中心网络管理器，可对网络进行多协议管理，并对交换机的运行状况和性能提供故障排除功能。 Cisco Data Center Network Manager (DCNM) 11.0(1)的基于Web的管理界面存在任意文件上传漏洞。远程未认证攻击者可通过上传特制数据利用该漏洞在文件系统上写入任意文件，从而能以root权限执行代码。

Severity

高

Patch Name

Cisco Data Center Network Manager任意文件上传漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvo64647

Reference

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190626-dcnm-codex

Impacted products

Name
Cisco Cisco Data Center Network Manager 11.0(1)

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-1620",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-1620"
    }
  },
  "description": "Cisco Data Center Network Manager (DCNM)\u662fCisco\u7684\u4e00\u5957\u6570\u636e\u4e2d\u5fc3\u7f51\u7edc\u7ba1\u7406\u5668\uff0c\u53ef\u5bf9\u7f51\u7edc\u8fdb\u884c\u591a\u534f\u8bae\u7ba1\u7406\uff0c\u5e76\u5bf9\u4ea4\u6362\u673a\u7684\u8fd0\u884c\u72b6\u51b5\u548c\u6027\u80fd\u63d0\u4f9b\u6545\u969c\u6392\u9664\u529f\u80fd\u3002\n\nCisco Data Center Network Manager (DCNM) 11.0(1)\u7684\u57fa\u4e8eWeb\u7684\u7ba1\u7406\u754c\u9762\u5b58\u5728\u4efb\u610f\u6587\u4ef6\u4e0a\u4f20\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u672a\u8ba4\u8bc1\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u4e0a\u4f20\u7279\u5236\u6570\u636e\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u6587\u4ef6\u7cfb\u7edf\u4e0a\u5199\u5165\u4efb\u610f\u6587\u4ef6\uff0c\u4ece\u800c\u80fd\u4ee5root\u6743\u9650\u6267\u884c\u4ee3\u7801\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://bst.cloudapps.cisco.com/bugsearch/bug/CSCvo64647",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-19474",
  "openTime": "2019-06-26",
  "patchDescription": "Cisco Data Center Network Manager (DCNM)\u662fCisco\u7684\u4e00\u5957\u6570\u636e\u4e2d\u5fc3\u7f51\u7edc\u7ba1\u7406\u5668\uff0c\u53ef\u5bf9\u7f51\u7edc\u8fdb\u884c\u591a\u534f\u8bae\u7ba1\u7406\uff0c\u5e76\u5bf9\u4ea4\u6362\u673a\u7684\u8fd0\u884c\u72b6\u51b5\u548c\u6027\u80fd\u63d0\u4f9b\u6545\u969c\u6392\u9664\u529f\u80fd\u3002\r\n\r\nCisco Data Center Network Manager (DCNM) 11.0(1)\u7684\u57fa\u4e8eWeb\u7684\u7ba1\u7406\u754c\u9762\u5b58\u5728\u4efb\u610f\u6587\u4ef6\u4e0a\u4f20\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u672a\u8ba4\u8bc1\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u4e0a\u4f20\u7279\u5236\u6570\u636e\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u6587\u4ef6\u7cfb\u7edf\u4e0a\u5199\u5165\u4efb\u610f\u6587\u4ef6\uff0c\u4ece\u800c\u80fd\u4ee5root\u6743\u9650\u6267\u884c\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Data Center Network Manager\u4efb\u610f\u6587\u4ef6\u4e0a\u4f20\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Cisco Cisco Data Center Network Manager 11.0(1)"
  },
  "referenceLink": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190626-dcnm-codex",
  "serverity": "\u9ad8",
  "submitTime": "2019-06-27",
  "title": "Cisco Data Center Network Manager\u4efb\u610f\u6587\u4ef6\u4e0a\u4f20\u6f0f\u6d1e"
}

CVE-2019-1620 (GCVE-0-2019-1620)

Vulnerability from cvelistv5

Published

2019-06-27 03:05

Modified

2024-11-19 19:03

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-264

Summary

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to upload arbitrary files on an affected device. The vulnerability is due to incorrect permission settings in affected DCNM software. An attacker could exploit this vulnerability by uploading specially crafted data to the affected device. A successful exploit could allow the attacker to write arbitrary files on the filesystem and execute code with root privileges on the affected device.

References

URL

Tags

	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190626-dcnm-codex	vendor-advisory, x_refsource_CISCO
	http://www.securityfocus.com/bid/108906	vdb-entry, x_refsource_BID
	https://seclists.org/bugtraq/2019/Jul/11	mailing-list, x_refsource_BUGTRAQ
	http://packetstormsecurity.com/files/153546/Cisco-Data-Center-Network-Manager-11.1-1-Remote-Code-Execution.html	x_refsource_MISC
	http://seclists.org/fulldisclosure/2019/Jul/7	mailing-list, x_refsource_FULLDISC
	http://packetstormsecurity.com/files/154304/Cisco-Data-Center-Network-Manager-Unauthenticated-Remote-Code-Execution.html	x_refsource_MISC