Multiple vulnerabilities in Cisco Data Center Network Manager



Published: 2020-01-08 | Updated: 2020-02-20
Risk High
Patch available YES
Number of vulnerabilities 129
CVE-ID CVE-2019-15984
CVE-2019-15985
CVE-2019-15983
CVE-2019-15982
CVE-2019-15981
CVE-2019-15980
CVE-2019-15979
CVE-2019-15978
CVE-2019-15977
CVE-2019-15976
CVE-2019-15975
CVE-2019-15999
CVE-2020-3114
CVE-2020-3113
CVE-2020-3112
CWE-ID CWE-89
CWE-611
CWE-22
CWE-78
CWE-798
CWE-284
CWE-352
CWE-79
CWE-264
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Public exploit code for vulnerability #120 is available.
Public exploit code for vulnerability #121 is available.
Public exploit code for vulnerability #122 is available.
Public exploit code for vulnerability #123 is available.
Public exploit code for vulnerability #124 is available.
Public exploit code for vulnerability #125 is available.
Public exploit code for vulnerability #126 is available.
Vulnerable software
Subscribe
Cisco Data Center Network Manager
Server applications / Remote management servers, RDP, SSH

Vendor Cisco Systems, Inc

Security Bulletin

This security bulletin contains information about 129 vulnerabilities.

Updated 20.02.2020
Added vulnerabilities #127-129

1) SQL injection

EUVDB-ID: #VU24139

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "username" parameter to the "fm/fmrest/smartLicensing/persistUserInfo" endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-016/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) SQL injection

EUVDB-ID: #VU24138

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "virtualAcc" parameter to the "fm/fmrest/smartLicensing/getTokenInfo" endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-017/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) SQL injection

EUVDB-ID: #VU24137

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "filterStr" parameter to the "rest/imagemanagement/gir/tasks" endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-018/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) SQL injection

EUVDB-ID: #VU24136

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "filterStr" parameter in the "getSMUTasks" method to the "rest/smu/getjobs" endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-019/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) SQL injection

EUVDB-ID: #VU24135

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "jobId" parameter in the "deleteVpcHistory" method to the "fm/fmrest/virtualportchannel/vpcwizard/history" endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-020/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) SQL injection

EUVDB-ID: #VU24134

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "sort" parameter in the "getAllVpc" method to the "fm/fmrest/virtualportchannel" endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-021/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) SQL injection

EUVDB-ID: #VU24133

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "sort" parameter in the "getVpcHistory" method to the "fm/fmrest/virtualportchannel/vpcwizard/history" endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-022/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) SQL injection

EUVDB-ID: #VU24131

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "sort" parameter in the "getVpcPeerHistory" method to the "fm/fmrest/virtualportchannel/vpcwizard/history" endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-023/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) SQL injection

EUVDB-ID: #VU24130

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "searchId" parameter to the "fm/fmrest/inventory/getHostEnclDataLength" endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-024/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) SQL injection

EUVDB-ID: #VU24129

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "filterStr" parameter in the "getDomain" method to the "fm/fmrest/virtualportchannel/domain" endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-025/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) SQL injection

EUVDB-ID: #VU24127

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "sort" parameter to the "fm/fmrest/health/getSyslogEventList" endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-026/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) SQL injection

EUVDB-ID: #VU24126

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "serverId" parameter in the "getDeviceModulesupport" method to the "fm/fmrest/devicemodule/deviceList" endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-027/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) SQL injection

EUVDB-ID: #VU24125

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "filterStr" parameter in the "getJobExecutionDetails" method to the "fm/fmrest/config/archive/jobs/execution" endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-028/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) SQL injection

EUVDB-ID: #VU24124

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "sort" parameter in the "getRPMTasks" method to the "fm/fmrest/rpm/getjobs" endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-029/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) SQL injection

EUVDB-ID: #VU24123

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "sort" parameter in the "getAllTemplate" method to the "fm/fmrest/config/templates" endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-030/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) SQL injection

EUVDB-ID: #VU24122

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "sort" parameter in the "getLicenses" method to the "fm/fmrest/inventory/licenses" endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-031/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) SQL injection

EUVDB-ID: #VU24121

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "sort" parameter in the "getEndPorts" method to the "fm/fmrest/inventory/endports" endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-032/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) SQL injection

EUVDB-ID: #VU24119

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "sort" parameter to the "fm/fmrest/inventory/getHostEnclList" endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-033/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) SQL injection

EUVDB-ID: #VU24118

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "sort" parameter to the "fm/fmrest/inventory/getHostEnclList" endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-034/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) SQL injection

EUVDB-ID: #VU24117

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "sort" parameter to the "fm/fmrest/inventory/getInterfacesBySwitch" endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-035/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) SQL injection

EUVDB-ID: #VU24116

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "sort" parameter in the "getisls" method to the "fm/fmrest/inventory/isls" endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-036/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) SQL injection

EUVDB-ID: #VU24115

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "sortType" parameter in the "getLanIslList" method to the "getIslList" SOAP endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-037/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) SQL injection

EUVDB-ID: #VU24114

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "sortType" parameter to the "getSwitchListWithPortUse" SOAP endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-038/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) SQL injection

EUVDB-ID: #VU24113

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "sortType" parameter to the "getHostEnclList" SOAP endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-039/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) SQL injection

EUVDB-ID: #VU24112

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "sort" parameter in the "getIslListWithPMForTopology" method to the "fm/fmrest/topology" endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-040/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) SQL injection

EUVDB-ID: #VU24111

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "searchId" parameter in the "getEndDeviceStatListESBySQL" method to the "fm/fmrest/endportStat" endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-041/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) SQL injection

EUVDB-ID: #VU24110

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "sort" parameter in the "getCustomPGStatList" method to the "fm/fmrest/customPGStat" endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-042/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) SQL injection

EUVDB-ID: #VU24109

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "searchId" parameter in the "getSanGigEStatListES" method to the "fm/fmrest/SanGigEStat" endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-043/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) SQL injection

EUVDB-ID: #VU24108

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "sort" parameter in the "getFlowStatListES" method to the "fm/fmrest/fcflowsStat" endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-044/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) SQL injection

EUVDB-ID: #VU24107

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "searchId" parameter in the "getSanIslStatListESBySQL" method to the "fm/fmrest/sanIslStat" endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-045/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) SQL injection

EUVDB-ID: #VU24106

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "colFilterStr" parameter to the "getConfigBackupStatusCount" endpoint of the "WebAnalysisWSService/WebAnalysisWS" service. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-046/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) SQL injection

EUVDB-ID: #VU24105

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "sort" parameter in the "getNpvLinks" method to the "fm/fmrest/inventory/npvlinks" endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-047/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) SQL injection

EUVDB-ID: #VU24104

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "sort" parameter in the "getModules" method to the "fm/fmrest/inventory/modules" endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-048/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) SQL injection

EUVDB-ID: #VU24103

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "searchId" parameter in the "getLanIslStatListES" method to the "fm/fmrest/lanIslStat" endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-049/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) SQL injection

EUVDB-ID: #VU24100

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "sort" parameter to the "fm/fmrest/inventory/getModulesBySwitch" service. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-050/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) SQL injection

EUVDB-ID: #VU24099

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "sort" parameter in the "getSwitches" method to the "fm/fmrest/inventory/switches" service. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-051/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) SQL injection

EUVDB-ID: #VU24098

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "sort" parameter in the "getSwitches" method to the "fm/fmrest/inventory/switches" service. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-052/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) SQL injection

EUVDB-ID: #VU24097

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "sortType" parameter to the "getEndDeviceList" endpoint of the "DbInventoryWSService/DbInventoryWS" service. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-053/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) SQL injection

EUVDB-ID: #VU24096

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "sort" parameter in the "getSanIslListWithPM" method to the "rest/topdown/topology" service. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-054/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) SQL injection

EUVDB-ID: #VU24095

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "searchId" parameter in the "getZoneListByZoneNameAndParentId" method to the "rest/inventory/zones" service. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-055/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) SQL injection

EUVDB-ID: #VU24094

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "sortType" parameter in the "getAllGroups" method to the "getAllAppGroups" endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-056/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) SQL injection

EUVDB-ID: #VU24093

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "item" parameter in the "getVsanListForEnclosures" method to the "getStorageEnclListForHosts" endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-057/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) SQL injection

EUVDB-ID: #VU24092

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "fabricName" parameter in the "getJobList" method to the "rest/imagemanagement/jobs" service. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-058/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) SQL injection

EUVDB-ID: #VU24091

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "sort" parameter in the "getDeployerTaskDetails" method to the "rest/config/delivery/history" service. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-059/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) SQL injection

EUVDB-ID: #VU24090

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "sortType" parameter to the "getVmHostData" endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-060/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) SQL injection

EUVDB-ID: #VU24087

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "sortType" parameter to the "getVsanList" endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-063/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) SQL injection

EUVDB-ID: #VU24086

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "sort" parameter in the "getSanZoneList" method to the "rest/inventory/zones" service. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-064/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) SQL injection

EUVDB-ID: #VU24085

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "sortType" parameter to the "getHostEnclList" endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-065/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) SQL injection

EUVDB-ID: #VU24084

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "sortType" parameter in the "getPortGroupMember" method to the "getPortGroupMember" endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-066/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) SQL injection

EUVDB-ID: #VU24083

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "sortType" parameter in the "getOidLanStatList" method to the "getCpuStatDataLength" endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-067/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) SQL injection

EUVDB-ID: #VU24082

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "sortType" parameter in the "getOidSanStatList" method to the "getCpuStatDataLength" endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-068/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) SQL injection

EUVDB-ID: #VU24081

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "sortType" parameter in the "getSanStatEntities" method to the "getCpuStatDataLengthES" endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-069/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) SQL injection

EUVDB-ID: #VU24080

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "sortType" parameter in the "getLanStatEntities" method to the "getCpuStatDataLengthES" endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-070/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) SQL injection

EUVDB-ID: #VU24079

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "sortType" parameter in the "getLanSwitchListWithoutUsedPorts" method to the "printSwitchTable" endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-071/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) SQL injection

EUVDB-ID: #VU24051

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via "sortType" parameter to the "getSanIslStatJoinList" endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-072/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) SQL injection

EUVDB-ID: #VU24050

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via "sortType" parameter in the "getSanGigEStatList" method to the "getGigEStatList" endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-073/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) SQL injection

EUVDB-ID: #VU24049

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via "sortType" parameter in the "getLanGigEStatList" method to the "getGigEStatList" endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-074/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) SQL injection

EUVDB-ID: #VU24048

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via "sortType" parameter to the "getLanIslStatJoinList" endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-075/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) SQL injection

EUVDB-ID: #VU24047

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via "sortType" parameter in the "getNpvLinkStatList" method to the "getNpvLinkStatList" endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-076/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) SQL injection

EUVDB-ID: #VU24046

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via "sortType" parameter in the "GetLanIslStatList" method to the "getIslStatDataLength" endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-077/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) SQL injection

EUVDB-ID: #VU24045

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via "sortType" parameter in the "getPortGroupStatList" method to the "getPortGroupStatList" endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-078/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) SQL injection

EUVDB-ID: #VU24044

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via "sortType" parameter in the "getSanIslStatList" method to the "getIslStatDataLength" endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-079/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) SQL injection

EUVDB-ID: #VU24043

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via "filterStr" parameter in the "getLanEthernetStatListES" method to the "getLanEthernetStatList" endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-080/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) SQL injection

EUVDB-ID: #VU24042

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via "fifth" parameter in the "getAllVpcs" method to the "getVpcConsistentList" endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-081/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) SQL injection

EUVDB-ID: #VU24041

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via "sortType" parameter in the "getSanSwitchBandwidthStatList " method to the "getSwitchBandwidthStatList" endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-082/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) SQL injection

EUVDB-ID: #VU24040

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via "sortType" parameter in the "getLanSwitchBandwidthStatList" method to the "getSwitchBandwidthStatList" endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-083/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) SQL injection

EUVDB-ID: #VU24039

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the third argument to the "getVpcConsistentDataLength" endpoint in the "getVpcCount" method. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-084/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) SQL injection

EUVDB-ID: #VU24038

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "sortType" parameter in the "getList" method to the "getSensorDataLength" endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-085/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) SQL injection

EUVDB-ID: #VU24037

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "sortType" parameter in the "getList" method to the "getAccountingList" endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-086/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) SQL injection

EUVDB-ID: #VU24036

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "second" parameter to the "modifyGroupName" endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-087/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) SQL injection

EUVDB-ID: #VU24027

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "sortField" parameter in the "getTaskList" method to the
"exportConfigDeliveryJobTable" endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-088/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) SQL injection

EUVDB-ID: #VU24026

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "sortType" parameter in the "getFlowStatList" method to the
"getFlowStatDataLength" endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-089/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) SQL injection

EUVDB-ID: #VU24025

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "sortType" parameter in the "getNpvLinkStatJoinList" method to the
"getNpvLinkStatJoinDataLength" endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-090/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) SQL injection

EUVDB-ID: #VU24024

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "sortType" parameter in the "getEndDeviceStatListWithVsan" method to the
"getEndDeviceStatDataLength" endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-091/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

75) SQL injection

EUVDB-ID: #VU24023

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "sortType" parameter in the "getN3KBufferStatList" method to the "getN3KBufferStatDataLength" endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-092/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

76) SQL injection

EUVDB-ID: #VU24022

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "item" parameter in the "checkDiscoveryEthSwCandidates4List" method to the "deepDiscoverForSelectedLanMembers" endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-093/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

77) SQL injection

EUVDB-ID: #VU24021

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "ip" parameter in the "createSite" method in "rest/msm/sites" service. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-094/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

78) SQL injection

EUVDB-ID: #VU24020

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "name" parameter in the "createSite" method in "rest/msm/sites" service. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-095/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

79) SQL injection

EUVDB-ID: #VU24019

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "fabricName" parameter in the "setVxlanProperties" method in "rest/settings/vxlan" service. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-096/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

80) SQL injection

EUVDB-ID: #VU24018

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "switch-id" parameter in the "getDiscoveredDeviceCount" method in "rest/topology/switches/otv/feature" service. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-097/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

81) SQL injection

EUVDB-ID: #VU24017

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "hostname" parameter in the "getDiscoveredDeviceCount" method in "rest/topology/switches/otv/feature" service. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-098/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

82) SQL injection

EUVDB-ID: #VU24016

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "group-id" parameter in the "getDiscoveredDeviceCount" method in "rest/topology/switches/otv/feature" service. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-099/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

83) SQL injection

EUVDB-ID: #VU24015

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "sortType" parameter in the "getSanSwitchBandwidthStatList" method. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-082/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

84) SQL injection

EUVDB-ID: #VU24014

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "sortType" parameter in the "getLanSwitchBandwidthStatList" method. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-083/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

85) SQL injection

EUVDB-ID: #VU24013

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the third argument to the "getVpcConsistentDataLength" endpoint in the "getVpcCount" method. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-084/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

86) SQL injection

EUVDB-ID: #VU24012

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "sortType" parameter of the "getSensorDataLength" endpoint in the "getList" method. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-085/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

87) SQL injection

EUVDB-ID: #VU24011

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "sortType" parameter in the "getList" method. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-086/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

88) SQL injection

EUVDB-ID: #VU24010

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "second" parameter of the "modifyGroupName" endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-087/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

89) SQL injection

EUVDB-ID: #VU24009

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "serialNumber" parameter in the "getSwitchDbIdBySerialNumber" method. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-110/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

90) SQL injection

EUVDB-ID: #VU24008

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "fabTemplate" parameter in the "getConfigTemplateFileName" method. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-111/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

91) SQL injection

EUVDB-ID: #VU24007

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "filterStr" parameter in the "getRpmJobLength" method. A remote administrator can send a specially crafted request to the affected application and gain access to sensitive information on the target system.

Successful exploitation of this vulnerability may allow a remote attacker to read data in database.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-112/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

92) SQL injection

EUVDB-ID: #VU24006

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "serialNumber" parameter in the "getSwitchName" method. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-113/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

93) SQL injection

EUVDB-ID: #VU24005

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "colFilterStr" parameter in the "getLanSwitchDataLength" method. A remote administrator can send a specially crafted request to the affected application and gain access to sensitive information on the target system.

Successful exploitation of this vulnerability may allow a remote attacker to read data in database.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-115/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

94) SQL injection

EUVDB-ID: #VU24004

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "destinationInterface" parameter in the "checkLinkUUID" method. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-116/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

95) SQL injection

EUVDB-ID: #VU24003

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "colFilterStr" parameter in the "getLanSwitchDataLength" method. A remote administrator can send a specially crafted request to the affected application and gain access to sensitive information on the target system.

Successful exploitation of this vulnerability may allow a remote attacker to read data in database.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-121/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

96) SQL injection

EUVDB-ID: #VU24002

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "colFilterStr" parameter in the "getSanSwitchDataLength" method. A remote administrator can send a specially crafted request to the affected application and gain access to sensitive information on the target system.

Successful exploitation of this vulnerability may allow a remote attacker to read data in database.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-104/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

97) SQL injection

EUVDB-ID: #VU24001

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "filterStr" parameter in the "getVsanDataLength" method. A remote administrator can send a specially crafted request to the affected application and gain access to sensitive information on the target system.

Successful exploitation of this vulnerability may allow a remote attacker to read data in database.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-105/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

98) SQL injection

EUVDB-ID: #VU24000

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "filterStr" parameter in the "getZoneDataLength" method. A remote administrator can send a specially crafted request to the affected application and gain access to sensitive information on the target system.

Successful exploitation of this vulnerability may allow a remote attacker to read data in database.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-106/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

99) SQL injection

EUVDB-ID: #VU23999

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "filterStr" parameter in the "getJobLength" method. A remote administrator can send a specially crafted request to the affected application and gain access to sensitive information on the target system.

Successful exploitation of this vulnerability may allow a remote attacker to read data in database.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-107/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

100) SQL injection

EUVDB-ID: #VU23998

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "filterStr" parameter in the "getVpcCount" method. A remote administrator can send a specially crafted request to the affected application and gain access to sensitive information on the target system.

Successful exploitation of this vulnerability may allow a remote attacker to read data in database.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-108/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

101) SQL injection

EUVDB-ID: #VU23997

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15984

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "filterStr" parameter in the "getGirTaskLength" method. A remote administrator can send a specially crafted request to the affected application and gain access to sensitive information on the target system.

Successful exploitation of this vulnerability may allow a remote attacker to read data in database.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-109/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

102) SQL injection

EUVDB-ID: #VU23996

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15985

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the SOAP API due to insufficient sanitization of user-supplied data in "getEndPortConnectionsForStorageEnclosure" endpoint in the "DbInventoryWSService/DbInventoryWS" service. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-061/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

103) SQL injection

EUVDB-ID: #VU23995

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15985

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists in the SOAP API due to insufficient sanitization of user-supplied data in "getEndPortConnectionsForStorageSystem" endpoint in the "DbInventoryWSService/DbInventoryWS" service. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-062/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

104) XML External Entity injection

EUVDB-ID: #VU23994

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15983

CWE-ID: CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists in the SOAP API due to insufficient validation of user-supplied XML input within the getInventoryIslList SOAP endpoint of "DashboardWSService/DashboardWS". A remote administrator can pass a specially crafted XML code to the affected application and view contents of arbitrary files on the system or initiate requests to external systems.

Successful exploitation of the vulnerability may allow an attacker to view contents of arbitrary file on the server or perform network scanning of internal and external infrastructure.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-xml-ext-entity
http://www.zerodayinitiative.com/advisories/ZDI-20-114/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

105) XML External Entity injection

EUVDB-ID: #VU23993

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15983

CWE-ID: CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists in the SOAP API due to insufficient validation of user-supplied XML input within the addGroupNavigation SOAP endpoint of "DbAdminWSService/DbAdminWS". A remote administrator can pass a specially crafted XML code to the affected application and view contents of arbitrary files on the system or initiate requests to external systems.

Successful exploitation of the vulnerability may allow an attacker to view contents of arbitrary file on the server or perform network scanning of internal and external infrastructure.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-xml-ext-entity
http://www.zerodayinitiative.com/advisories/ZDI-20-117/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

106) XML External Entity injection

EUVDB-ID: #VU23992

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15983

CWE-ID: CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists in the SOAP API due to insufficient validation of user-supplied XML input in "rest/cable-plans/import". A remote administrator can pass a specially crafted XML code to the affected application and view contents of arbitrary files on the system or initiate requests to external systems.

Successful exploitation of the vulnerability may allow an attacker to view contents of arbitrary file on the server or perform network scanning of internal and external infrastructure.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-xml-ext-entity
http://www.zerodayinitiative.com/advisories/ZDI-20-119/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

107) XML External Entity injection

EUVDB-ID: #VU23991

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15983

CWE-ID: CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists in the SOAP API due to insufficient validation of user-supplied XML input within the "getTopologyVlanList" SOAP endpoint of DashboardWS. A remote administrator can pass a specially crafted XML code to the affected application and view contents of arbitrary files on the system or initiate requests to external systems.

Successful exploitation of the vulnerability may allow an attacker to view contents of arbitrary file on the server or perform network scanning of internal and external infrastructure.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-xml-ext-entity
http://www.zerodayinitiative.com/advisories/ZDI-20-120/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

108) Path traversal

EUVDB-ID: #VU23990

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15982

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists in the Application Framework feature due to input validation error when processing directory traversal sequences within the "AFW Image Upload" component. A remote administrator can send a specially crafted HTTP request and execute arbitrary files on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-path-trav
http://www.zerodayinitiative.com/advisories/ZDI-20-103/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

109) Path traversal

EUVDB-ID: #VU23989

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15981

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists in the SOAP API within the SOAP storeConfigToFS endpoint of the "WebAnalysisWSService/WebAnalysisWS" path in the service. A remote authenticated attacker can send a specially crafted HTTP request and cause a denial of service (DoS) condition on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-path-trav
http://www.zerodayinitiative.com/advisories/ZDI-20-009/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

110) Path traversal

EUVDB-ID: #VU23988

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15981

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists in the SOAP API within the readConfigFileFromDBAsXML SOAP endpoint called by accessing the "WebAnalysisWSService/WebAnalysis" path in the service. A remote authenticated attacker can send a specially crafted HTTP request and read arbitrary files on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-path-trav
http://www.zerodayinitiative.com/advisories/ZDI-20-010/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

111) Path traversal

EUVDB-ID: #VU23987

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15981

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists in the SOAP API within the SOAP deleteReportTemplate endpoint of the "ReportWSService/ReportWS" path in the service. A remote authenticated attacker can send a specially crafted HTTP request and cause a denial of service (DoS) on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-path-trav
http://www.zerodayinitiative.com/advisories/ZDI-20-014/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

112) Path traversal

EUVDB-ID: #VU23986

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15981

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists in the SOAP API within the readConfigFileFromDB SOAP endpoint called by accessing the "WebAnalysisWSService/WebAnalysis" path in the service. A remote authenticated attacker can send a specially crafted HTTP request and read arbitrary files on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-path-trav
http://www.zerodayinitiative.com/advisories/ZDI-20-015/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

113) Path traversal

EUVDB-ID: #VU23978

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15980

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists in the REST API within the "fm/fmrest/dbadmin/saveLicenseFileToServer" path in the service. A remote administrator can send a specially crafted HTTP request and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-path-trav
http://www.zerodayinitiative.com/advisories/ZDI-20-004/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

114) Path traversal

EUVDB-ID: #VU23977

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15980

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists in the REST API within the "fm/fmrest/dbadmin/runZoneMigrationForBrocade" path in the service. A remote administrator can send a specially crafted HTTP request and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-path-trav
http://www.zerodayinitiative.com/advisories/ZDI-20-005/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

115) Path traversal

EUVDB-ID: #VU23976

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15980

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists in the REST API within the "ConfigArchiveRest" method called by accessing the "fm/fmrest/config/archive/restore/log" path in the service in the "getRestoreLog" component. A remote authenticated attacker can send a specially crafted HTTP request and and read arbitrary files on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-path-trav
http://www.zerodayinitiative.com/advisories/ZDI-20-006/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

116) Path traversal

EUVDB-ID: #VU23975

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15980

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists in the REST API within the "fm/fmrest/report/reporttemplateuploadpolicy" path in the service. A remote administrator can send a specially crafted HTTP request and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-path-trav
http://www.zerodayinitiative.com/advisories/ZDI-20-007/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

117) Path traversal

EUVDB-ID: #VU23974

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15980

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists in the REST API within the "fm/fmrest/dbadmin/installSwitchLicense" path in the service in the "DbAdminRest" component. A remote administrator can send a specially crafted HTTP request and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-path-trav
http://www.zerodayinitiative.com/advisories/ZDI-20-011/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

118) Path traversal

EUVDB-ID: #VU23973

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15980

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists in the REST API within the processing of requests to the switch-definitions and upload endpoints in the "writeToFile" component. A remote administrator can send a specially crafted HTTP request and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-path-trav
http://www.zerodayinitiative.com/advisories/ZDI-20-101/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

119) Path traversal

EUVDB-ID: #VU23972

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15980

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists in the REST API within the processing of requests to the "rest/auto-config/fabrics/abc/deployments/files" endpoint in the "getDeployContent" component. A remote authenticated attacker can send a specially crafted HTTP request and read arbitrary files on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-path-trav
http://www.zerodayinitiative.com/advisories/ZDI-20-118/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

120) OS Command Injection

EUVDB-ID: #VU23971

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-15979

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists in the SOAP API within the processing of requests to the importTS endpoint of the SanWSService/SanWS service. A remote administrator can send a specially crafted request and execute arbitrary OS commands on the target device.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-comm-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-100/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

121) OS Command Injection

EUVDB-ID: #VU23970

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-15978

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists in the REST API due to insufficient validation of user-supplied input when the processing of requests to the fabrics endpoint in the "createLanFabric" component. A remote administrator can send a specially crafted request and execute arbitrary OS commands on the target device.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-comm-inject
http://www.zerodayinitiative.com/advisories/ZDI-20-102/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

122) Use of hard-coded credentials

EUVDB-ID: #VU23969

Risk: High

CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-15977

CWE-ID: CWE-798 - Use of Hard-coded Credentials

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to gain full access to vulnerable system.

The vulnerability exists in the web-based management interface within the processing of web requests due to the presence of static credentials in the "JBoss_4_2Encrypter" component. A remote unauthenticated attacker can access a specific section of the web interface and obtain certain confidential information from an affected device

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-auth-bypass
http://www.zerodayinitiative.com/advisories/ZDI-20-013/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

123) Use of hard-coded credentials

EUVDB-ID: #VU23968

Risk: High

CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-15977

CWE-ID: CWE-798 - Use of Hard-coded Credentials

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to gain full access to vulnerable system.

The vulnerability exists in the web-based management interface within the processing of web requests due to the presence of static credentials in "serverinfo" component. A remote unauthenticated attacker can access a specific section of the web interface and obtain certain confidential information from an affected device

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-auth-bypass
http://www.zerodayinitiative.com/advisories/ZDI-20-012/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

124) Use of hard-coded credentials

EUVDB-ID: #VU23967

Risk: High

CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-15976

CWE-ID: CWE-798 - Use of Hard-coded Credentials

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to gain full access to vulnerable system.

The vulnerability exists in the SOAP API endpoint within the validation of SSO tokens of SOAP packets due to a static encryption key is shared between installations. A remote unauthenticated attacker can access the affected system using the static key to craft a valid session token and perform arbitrary actions through the SOAP API with administrative privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-auth-bypass
http://www.zerodayinitiative.com/advisories/ZDI-20-008/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

125) Use of hard-coded credentials

EUVDB-ID: #VU23966

Risk: High

CVSSv3.1: 9.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C]

CVE-ID: CVE-2019-15975

CWE-ID: CWE-798 - Use of Hard-coded Credentials

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to gain full access to vulnerable system.

The vulnerability exists in the REST API endpoint within the processing of the dbadmin/addUser functionality due to a static encryption key is shared between installations. A remote unauthenticated attacker can access the affected system using the static key to craft a valid session token and perform arbitrary actions through the REST API with administrative privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-auth-bypass
http://www.zerodayinitiative.com/advisories/ZDI-20-003/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.

126) Improper access control

EUVDB-ID: #VU23965

Risk: Medium

CVSSv3.1: 4.9 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-15999

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to an incorrect configuration of the authentication settings on the JBoss EAP. A remote authenticated attacker can bypass implemented security restrictions and gain unauthorized access to the JBoss EAP.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-unauth-access


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

127) Cross-site request forgery

EUVDB-ID: #VU25490

Risk: Low

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3114

CWE-ID: CWE-352 - Cross-Site Request Forgery (CSRF)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform cross-site request forgery attacks.

The vulnerability exists due to insufficient validation of the HTTP request origin in the web-based management interface. A remote attacker can trick the victim to visit a specially crafted web page and follow a malicious link while having an active session on an affected device.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200219-dcnm-csrf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

128) Cross-site scripting

EUVDB-ID: #VU25489

Risk: Low

CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3113

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the web-based management interface. A remote administrator can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200219-dcnm-xss


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

129) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU25488

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3112

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to insufficient access control validation in the REST API endpoint. A remote authenticated attacker can send a specially crafted request to the API and interact with the API with administrative privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Data Center Network Manager: before 11.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200219-dcnm-priv-esc


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###