CVE-2019-1620— Cisco Data Center Network Manager 权限许可和访问控制问题漏洞

Cisco Data Center Network Manager Arbitrary File Upload and Remote Code Execution Vulnerability

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to upload arbitrary files on an affected device. The vulnerability is due to incorrect permission settings in affected DCNM software. An attacker could exploit this vulnerability by uploading specially crafted data to the affected device. A successful exploit could allow the attacker to write arbitrary files on the filesystem and execute code with root privileges on the affected device.

N/A

权限、特权和访问控制

Cisco Data Center Network Manager 权限许可和访问控制问题漏洞

Cisco Data Center Network Manager是美国思科（Cisco）公司的一套数据中心管理系统。该系统适用于Cisco Nexus和MDS系列交换机，提供存储可视化、配置和故障排除等功能。 Cisco Data Center Network Manager 11.2(1)之前版本中的基于Web的管理界面存在权限许可和访问控制问题漏洞，该漏洞源于不正确的权限设置。攻击者可通过上传特制的数据利用该漏洞写入任意文件并root权限执行代码。

N/A

N/A