CVE-2019-1619 PoC — Cisco Data Center Network Manager Authentication Bypass Vulnerability

Source

https://github.com/Cipolone95/CVE-2019-1619

Associated Vulnerability

Title:Cisco Data Center Network Manager Authentication Bypass Vulnerability (CVE-2019-1619)
Description:A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability is due to improper session management on affected DCNM software. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to gain administrative access on the affected device.

Description

Powershell Script to build token for CVE-2019-1619

Readme

# CVE-2019-1619
Powershell Script to build the token needed for Authentication Bypass. I was in a pentest and found a server vulnerable to CVE-2019-1619. I couldn't leverage the metasploit module due to restricted access so I exploited it manually. I created this script to automate the building of the token. Full documentation of the CVE can be found at https://github.com/pedrib/PoC/blob/master/advisories/Cisco/cisco-dcnm-rce.txt.

File Snapshot


 [4.0K]  /data/pocs/701d1956b4f151c0a1282e9018243f3dad8d5ecf
├── [ 436]  README.md
└── [1.2K]  tokenBuilder.ps1

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!