What is CVE-2019-15983?

CVE-2019-15983 is a vulnerability in the SOAP API of Cisco Data Center Network Manager (DCNM) that allows an authenticated, remote attacker to gain read access to information on the system.

How severe is CVE-2019-15983?

CVE-2019-15983 has a severity rating of 4.9 (medium).

How does CVE-2019-15983 affect Cisco Data Center Network Manager?

CVE-2019-15983 affects Cisco Data Center Network Manager versions up to and excluding 11.3(1).

What is the Common Weakness Enumeration (CWE) ID for CVE-2019-15983?

The CWE ID for CVE-2019-15983 is CWE-611.

How can I fix CVE-2019-15983?

To fix CVE-2019-15983, update Cisco Data Center Network Manager to a version beyond 11.3(1).

Vulnerability/
CVE-2019-15983

medium

4.9

CWE

611

6/1/2020

15/11/2024

CVE-2019-15983: Cisco Data Center Network Manager XML External Entity Read Access Vulnerability

First published: Mon Jan 06 2020(Updated: )

A vulnerability in the SOAP API of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. To exploit this vulnerability, an attacker would need administrative privileges on the DCNM application. The vulnerability exists because the SOAP API improperly handles XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by inserting malicious XML content in an API request. A successful exploit could allow the attacker to read arbitrary files from the affected device. Note: The severity of this vulnerability is aggravated by the vulnerabilities described in the Cisco Data Center Network Manager Authentication Bypass Vulnerabilities advisory, published simultaneously with this one.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco Data Center Network Manager	<11.3\(1\)

Never miss a vulnerability like this again

Reference Links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-xml-ext-entity

Frequently Asked Questions

What is CVE-2019-15983?
CVE-2019-15983 is a vulnerability in the SOAP API of Cisco Data Center Network Manager (DCNM) that allows an authenticated, remote attacker to gain read access to information on the system.
How severe is CVE-2019-15983?
CVE-2019-15983 has a severity rating of 4.9 (medium).
How does CVE-2019-15983 affect Cisco Data Center Network Manager?
CVE-2019-15983 affects Cisco Data Center Network Manager versions up to and excluding 11.3(1).
What is the Common Weakness Enumeration (CWE) ID for CVE-2019-15983?
The CWE ID for CVE-2019-15983 is CWE-611.
How can I fix CVE-2019-15983?
To fix CVE-2019-15983, update Cisco Data Center Network Manager to a version beyond 11.3(1).

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/references
agent/tags
agent/author
agent/description
agent/last-modified-date
agent/severity
agent/weakness
agent/title
agent/event
agent/first-publish-date
vendor/cisco
canonical/cisco data center network manager

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.