CVE-2019-15999
Cisco Data Center Network Manager JBoss EAP Unauthorized Access Vulnerability
Public Exploits: 1
Exploited in Wild: -
Descriptions
A vulnerability in the application environment of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to gain unauthorized access to the JBoss Enterprise Application Platform (JBoss EAP) on an affected device. The vulnerability is due to an incorrect configuration of the authentication settings on the JBoss EAP. An attacker could exploit this vulnerability by authenticating with a specific low-privilege account. A successful exploit could allow the attacker to gain unauthorized access to the JBoss EAP, which should be limited to internal system accounts.
Cisco DCNM JBoss version 10.4 suffers from a credential leakage vulnerability.
SSVC
- Decision: Track
Timeline
- 2019-09-06 CVE Reserved
- 2020-01-06 CVE Published
- 2020-01-08 First Exploit
- 2024-08-29 EPSS Updated
- 2024-11-15 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-284: Improper Access Control
References (3)
URL | Tag | Source |
---|---|---|
http://packetstormsecurity.com/files/155870/Cisco-DCNM-JBoss-10.4-Credential-Leakage.html | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/47885 | 2020-01-08 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Cisco | Data Center Network Manager | < 11.3(1) | - | Affected |