Details of VAR-202001-0784

ID

VAR-202001-0784

CVE

CVE-2019-15984

TITLE

Cisco Data Center Network Manager getList SQL Injection Remote Code Execution Vulnerability

Trust: 1.4

sources: ZDI: ZDI-20-085 // ZDI: ZDI-20-086

DESCRIPTION

Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. To exploit these vulnerabilities, an attacker would need administrative privileges on the DCNM application. For more information about these vulnerabilities, see the Details section of this advisory. Note: The severity of these vulnerabilities is aggravated by the vulnerabilities described in the Cisco Data Center Network Manager Authentication Bypass Vulnerabilities advisory, published simultaneously with this one. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.The specific flaw exists within the processing of requests to the StatisticsWSService/StatisticsWS service. When parsing the sortType parameter of the getNpvLinkStatList endpoint, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. The vulnerability stems from insufficient input validation provided by the user to the API

Trust: 12.15

sources: NVD: CVE-2019-15984 // ZDI: ZDI-20-020 // ZDI: ZDI-20-086 // ZDI: ZDI-20-080 // ZDI: ZDI-20-090 // ZDI: ZDI-20-076 // ZDI: ZDI-20-056 // ZDI: ZDI-20-066 // ZDI: ZDI-20-026 // ZDI: ZDI-20-110 // ZDI: ZDI-20-036 // ZDI: ZDI-20-106 // ZDI: ZDI-20-016 // ZDI: ZDI-20-038 // ZDI: ZDI-20-085 // ZDI: ZDI-20-096 // ZDI: ZDI-20-099 // ZDI: ZDI-20-046 // CNVD: CNVD-2020-00281

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-00281

AFFECTED PRODUCTS

vendor:	cisco	model:	data center network manager	scope:	-	version:	-	Trust: 11.9
vendor:	cisco	model:	data center network manager	scope:	lt	version:	11.3\(1\)	Trust: 1.0
vendor:	cisco	model:	data center network manager	scope:	lt	version:	11.3(1)	Trust: 0.6

sources: ZDI: ZDI-20-110 // ZDI: ZDI-20-020 // ZDI: ZDI-20-099 // ZDI: ZDI-20-096 // ZDI: ZDI-20-085 // ZDI: ZDI-20-038 // ZDI: ZDI-20-016 // ZDI: ZDI-20-106 // ZDI: ZDI-20-036 // ZDI: ZDI-20-046 // ZDI: ZDI-20-026 // ZDI: ZDI-20-066 // ZDI: ZDI-20-056 // ZDI: ZDI-20-076 // ZDI: ZDI-20-090 // ZDI: ZDI-20-080 // ZDI: ZDI-20-086 // CNVD: CNVD-2020-00281 // NVD: CVE-2019-15984

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	CVE-2019-15984
value:	HIGH
Trust: 11.2
nvd@nist.gov:	CVE-2019-15984
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-15984
value:	HIGH
Trust: 1.0
ZDI:	CVE-2019-15984
value:	MEDIUM
Trust: 0.7
CNVD:	CNVD-2020-00281
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2019-15984
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2020-00281
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

ZDI:	CVE-2019-15984
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 9.1
ZDI:	CVE-2019-15984
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.0
Trust: 2.1
nvd@nist.gov:	CVE-2019-15984
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-15984
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.0
Trust: 1.0
ZDI:	CVE-2019-15984
baseSeverity:	MEDIUM
baseScore:	4.9
vectorString:	AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.2
impactScore:	3.6
version:	3.0
Trust: 0.7

PROBLEMTYPE DATA

problemtype:

CWE-89

Trust: 1.0

sources: NVD: CVE-2019-15984

PATCH

title:	Cisco has issued an update to correct this vulnerability.	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject	Trust: 11.9
title:	Patch for Cisco Data Center Network Manager REST API SQL Injection Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/195959	Trust: 0.6

EXTERNAL IDS

db:	NVD	id:	CVE-2019-15984	Trust: 13.5
db:	PACKETSTORM	id:	156239	Trust: 1.0
db:	ZDI_CAN	id:	ZDI-CAN-9352	Trust: 0.7
db:	ZDI	id:	ZDI-20-110	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9043	Trust: 0.7
db:	ZDI	id:	ZDI-20-020	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9301	Trust: 0.7
db:	ZDI	id:	ZDI-20-099	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9283	Trust: 0.7
db:	ZDI	id:	ZDI-20-096	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9208	Trust: 0.7
db:	ZDI	id:	ZDI-20-085	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9182	Trust: 0.7
db:	ZDI	id:	ZDI-20-038	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9029	Trust: 0.7
db:	ZDI	id:	ZDI-20-016	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9348	Trust: 0.7
db:	ZDI	id:	ZDI-20-106	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9074	Trust: 0.7
db:	ZDI	id:	ZDI-20-036	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9125	Trust: 0.7
db:	ZDI	id:	ZDI-20-046	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9070	Trust: 0.7
db:	ZDI	id:	ZDI-20-026	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9180	Trust: 0.7
db:	ZDI	id:	ZDI-20-066	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9163	Trust: 0.7
db:	ZDI	id:	ZDI-20-056	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9196	Trust: 0.7
db:	ZDI	id:	ZDI-20-076	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9216	Trust: 0.7
db:	ZDI	id:	ZDI-20-090	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9200	Trust: 0.7
db:	ZDI	id:	ZDI-20-080	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-9209	Trust: 0.7
db:	ZDI	id:	ZDI-20-086	Trust: 0.7
db:	CNVD	id:	CNVD-2020-00281	Trust: 0.6

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20200102-dcnm-sql-inject	Trust: 13.5
url:	http://packetstormsecurity.com/files/156239/cisco-data-center-network-manager-11.2.1-sql-injection.html	Trust: 1.0

CREDITS

Steven Seeley (mr_me) of Source Incite

Trust: 11.9

SOURCES

db:	ZDI	id:	ZDI-20-110
db:	ZDI	id:	ZDI-20-020
db:	ZDI	id:	ZDI-20-099
db:	ZDI	id:	ZDI-20-096
db:	ZDI	id:	ZDI-20-085
db:	ZDI	id:	ZDI-20-038
db:	ZDI	id:	ZDI-20-016
db:	ZDI	id:	ZDI-20-106
db:	ZDI	id:	ZDI-20-036
db:	ZDI	id:	ZDI-20-046
db:	ZDI	id:	ZDI-20-026
db:	ZDI	id:	ZDI-20-066
db:	ZDI	id:	ZDI-20-056
db:	ZDI	id:	ZDI-20-076
db:	ZDI	id:	ZDI-20-090
db:	ZDI	id:	ZDI-20-080
db:	ZDI	id:	ZDI-20-086
db:	CNVD	id:	CNVD-2020-00281
db:	NVD	id:	CVE-2019-15984

LAST UPDATE DATE

2025-06-18T23:05:01.230000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-20-110	date:	2020-01-03T00:00:00
db:	ZDI	id:	ZDI-20-020	date:	2020-01-03T00:00:00
db:	ZDI	id:	ZDI-20-099	date:	2020-01-03T00:00:00
db:	ZDI	id:	ZDI-20-096	date:	2020-01-03T00:00:00
db:	ZDI	id:	ZDI-20-085	date:	2020-01-03T00:00:00
db:	ZDI	id:	ZDI-20-038	date:	2020-01-03T00:00:00
db:	ZDI	id:	ZDI-20-016	date:	2020-01-03T00:00:00
db:	ZDI	id:	ZDI-20-106	date:	2020-01-03T00:00:00
db:	ZDI	id:	ZDI-20-036	date:	2020-01-03T00:00:00
db:	ZDI	id:	ZDI-20-046	date:	2020-01-03T00:00:00
db:	ZDI	id:	ZDI-20-026	date:	2020-01-03T00:00:00
db:	ZDI	id:	ZDI-20-066	date:	2020-01-03T00:00:00
db:	ZDI	id:	ZDI-20-056	date:	2020-01-03T00:00:00
db:	ZDI	id:	ZDI-20-076	date:	2020-01-03T00:00:00
db:	ZDI	id:	ZDI-20-090	date:	2020-01-03T00:00:00
db:	ZDI	id:	ZDI-20-080	date:	2020-01-03T00:00:00
db:	ZDI	id:	ZDI-20-086	date:	2020-01-03T00:00:00
db:	CNVD	id:	CNVD-2020-00281	date:	2020-01-03T00:00:00
db:	NVD	id:	CVE-2019-15984	date:	2024-11-21T04:29:52.267

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-20-110	date:	2020-01-03T00:00:00
db:	ZDI	id:	ZDI-20-020	date:	2020-01-03T00:00:00
db:	ZDI	id:	ZDI-20-099	date:	2020-01-03T00:00:00
db:	ZDI	id:	ZDI-20-096	date:	2020-01-03T00:00:00
db:	ZDI	id:	ZDI-20-085	date:	2020-01-03T00:00:00
db:	ZDI	id:	ZDI-20-038	date:	2020-01-03T00:00:00
db:	ZDI	id:	ZDI-20-016	date:	2020-01-03T00:00:00
db:	ZDI	id:	ZDI-20-106	date:	2020-01-03T00:00:00
db:	ZDI	id:	ZDI-20-036	date:	2020-01-03T00:00:00
db:	ZDI	id:	ZDI-20-046	date:	2020-01-03T00:00:00
db:	ZDI	id:	ZDI-20-026	date:	2020-01-03T00:00:00
db:	ZDI	id:	ZDI-20-066	date:	2020-01-03T00:00:00
db:	ZDI	id:	ZDI-20-056	date:	2020-01-03T00:00:00
db:	ZDI	id:	ZDI-20-076	date:	2020-01-03T00:00:00
db:	ZDI	id:	ZDI-20-090	date:	2020-01-03T00:00:00
db:	ZDI	id:	ZDI-20-080	date:	2020-01-03T00:00:00
db:	ZDI	id:	ZDI-20-086	date:	2020-01-03T00:00:00
db:	CNVD	id:	CNVD-2020-00281	date:	2020-01-03T00:00:00
db:	NVD	id:	CVE-2019-15984	date:	2020-01-06T08:15:11.440