exploit the possibilities
Showing 1 - 7 of 7 RSS Feed

CVE-2019-1622

Status Candidate

Overview

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. The vulnerability is due to improper access controls for certain URLs on affected DCNM software. An attacker could exploit this vulnerability by connecting to the web-based management interface of an affected device and requesting specific URLs. A successful exploit could allow the attacker to download log files and diagnostic information from the affected device.

Related Files

Ubuntu Security Notice USN-4287-2
Posted Feb 19, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4287-2 - USN-4287-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux kernel for Microsoft Azure Cloud systems for Ubuntu 14.04 ESM. It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2019-14615, CVE-2019-15099, CVE-2019-15291, CVE-2019-16229, CVE-2019-16232, CVE-2019-18683, CVE-2019-18786, CVE-2019-18809, CVE-2019-18885, CVE-2019-19057, CVE-2019-19062, CVE-2019-19063, CVE-2019-19071, CVE-2019-19078, CVE-2019-19082, CVE-2019-19227, CVE-2019-19332, CVE-2019-19767, CVE-2019-19965, CVE-2019-20096, CVE-2019-5108, CVE-2020-7053
MD5 | e0a917b1318a227cbe7dcda44cca0d1a
Ubuntu Security Notice USN-4287-1
Posted Feb 19, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4287-1 - It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. It was discovered that the Atheros 802.11ac wireless USB device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2019-14615, CVE-2019-15099, CVE-2019-15291, CVE-2019-16229, CVE-2019-16232, CVE-2019-18683, CVE-2019-18786, CVE-2019-18809, CVE-2019-18885, CVE-2019-19057, CVE-2019-19062, CVE-2019-19063, CVE-2019-19071, CVE-2019-19078, CVE-2019-19082, CVE-2019-19227, CVE-2019-19332, CVE-2019-19767, CVE-2019-19965, CVE-2019-20096, CVE-2019-5108, CVE-2020-7053
MD5 | 8ac6c9839149435e4e444efe50c60dbc
Ubuntu Security Notice USN-4285-1
Posted Feb 19, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4285-1 - It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. It was discovered that the HSA Linux kernel driver for AMD GPU devices did not properly check for errors in certain situations, leading to a NULL pointer dereference. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2019-14615, CVE-2019-16229, CVE-2019-16232, CVE-2019-18786, CVE-2019-18809, CVE-2019-19057, CVE-2019-19063, CVE-2019-19947, CVE-2019-19965, CVE-2019-20096, CVE-2019-5108, CVE-2020-7053
MD5 | daf9f1592f5ba45b8c8932f8eca98761
Ubuntu Security Notice USN-4284-1
Posted Feb 19, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4284-1 - It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. It was discovered that the Atheros 802.11ac wireless USB device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2019-14615, CVE-2019-15099, CVE-2019-15291, CVE-2019-16229, CVE-2019-16232, CVE-2019-18683, CVE-2019-18786, CVE-2019-18811, CVE-2019-19050, CVE-2019-19057, CVE-2019-19063, CVE-2019-19071, CVE-2019-19077, CVE-2019-19078, CVE-2019-19082, CVE-2019-19241, CVE-2019-19252, CVE-2019-19332, CVE-2019-19602, CVE-2019-19767, CVE-2019-19947, CVE-2019-19965
MD5 | e903243d36a1aa3e1ef54c023594f389
Debian Security Advisory 4599-1
Posted Jan 8, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4599-1 - Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform various Cross-Side Scripting (XSS) and Cross-Site Request Forgery (CSRF) attacks, create open redirects, poison cache, and bypass authorization access and input sanitation.

tags | advisory, remote, web, vulnerability, csrf
systems | linux, debian
advisories | CVE-2019-16217, CVE-2019-16218, CVE-2019-16219, CVE-2019-16220, CVE-2019-16221, CVE-2019-16222, CVE-2019-16223, CVE-2019-16780, CVE-2019-16781, CVE-2019-17669, CVE-2019-17671, CVE-2019-17672, CVE-2019-17673, CVE-2019-17674, CVE-2019-17675, CVE-2019-20041, CVE-2019-20042, CVE-2019-20043
MD5 | 4cfa3cf73bd5ad4d9281921b1a5f55a1
Cisco Data Center Network Manager Unauthenticated Remote Code Execution
Posted Sep 2, 2019
Authored by Pedro Ribeiro | Site metasploit.com

DCNM exposes a file upload servlet (FileUploadServlet) at /fm/fileUpload. An authenticated user can abuse this servlet to upload a WAR to the Apache Tomcat webapps directory and achieve remote code execution as root. This module exploits two other vulnerabilities, CVE-2019-1619 for authentication bypass on versions 10.4(2) and below, and CVE-2019-1622 (information disclosure) to obtain the correct directory for the WAR file upload. This module was tested on the DCNM Linux virtual appliance 10.4(2), 11.0(1) and 11.1(1), and should work on a few versions below 10.4(2). Only version 11.0(1) requires authentication to exploit (see References to understand why).

tags | exploit, remote, root, vulnerability, code execution, info disclosure, file upload
systems | linux
advisories | CVE-2019-1619, CVE-2019-1620, CVE-2019-1622
MD5 | 36ee8d3d9c4f34baf4548adaddbd4e36
Cisco Data Center Network Manager 11.1(1) Remote Code Execution
Posted Jul 8, 2019
Authored by Pedro Ribeiro

Cisco Data Center Network Manager (DCNM) versions 11.1(1) and below suffer from authentication bypass, arbitrary file upload, arbitrary file download, and information disclosure vulnerabilities.

tags | exploit, arbitrary, vulnerability, info disclosure, file upload
systems | cisco
advisories | CVE-2019-1619, CVE-2019-1620, CVE-2019-1621, CVE-2019-1622
MD5 | 2bd84aa0b859d4eb5b1a69ff91efea19
Page 1 of 1
Back1Next

File Archive:

July 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    15 Files
  • 2
    Jul 2nd
    19 Files
  • 3
    Jul 3rd
    12 Files
  • 4
    Jul 4th
    1 Files
  • 5
    Jul 5th
    2 Files
  • 6
    Jul 6th
    25 Files
  • 7
    Jul 7th
    35 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close