Vulnerabilities > CVE-2019-15983 - XXE vulnerability in Cisco Data Center Network Manager

047910
CVSS 4.9 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
HIGH
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
cisco
CWE-611
nessus

Summary

A vulnerability in the SOAP API of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. To exploit this vulnerability, an attacker would need administrative privileges on the DCNM application. The vulnerability exists because the SOAP API improperly handles XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by inserting malicious XML content in an API request. A successful exploit could allow the attacker to read arbitrary files from the affected device. Note: The severity of this vulnerability is aggravated by the vulnerabilities described in the Cisco Data Center Network Manager Authentication Bypass Vulnerabilities advisory, published simultaneously with this one.

Nessus

NASL familyCISCO
NASL idCISCO-SA-20200102-DCNM.NASL
descriptionAccording to its self-reported version number, the instance of Cisco DCNM hosted on the remote server is prior to 11.3(1). It is, therefore, affected by multiple vulnerabilities: - An authentication bypass vulnerability exists in the REST API, SOAP API, and the web-based management interface due to a static encryption key being shared between installations. An unauthenticated, remote attacker can exploit this, via the REST API, SOAP API, or web-based management interface, to bypass authentication and execute arbitrary actions with administrative privileges. (CVE-2019-15975, CVE-2019-15976, CVE-2019-15977) - A command injection vulnerability exists in the REST API and SOAP API due to insufficient validation of user-supplied input. An authenticated, remote attacker can exploit this, via the APIs, to execute arbitrary commands. (CVE-2019-15978, CVE-2019-15979) - A path traversal vulnerability exists in the REST API and SOAP API due to insufficient validation of user-supplied input. An authenticated, remote attacker can exploit this, via the APIs, to read, write, or execute arbitrary files on the system. (CVE-2019-15980, CVE-2019-15981, CVE-2019-15982) - An XML external entity (XXE) vulnerability exists due to an incorrectly configured XML parser accepting XML external entities from an untrusted source. An authenticated, remote attacker can exploit this, via specially crafted XML data in the SOAP API, to disclose sensitive information. (CVE-2019-15983) - A SQL injection (SQLi) vulnerability exists in the SOAP API and REST API due to improper validation of user-supplied input. An authenticated, remote attacker can exploit this to inject or manipulate SQL queries in the back-end database, resulting in the disclosure or manipulation of arbitrary data. (CVE-2019-15984, CVE-2019-15985, CVE-2019-15986) - A vulnerability exists in the authentication settings of the JBOSS EAP due to an incorrect configuration. An authenticated, remote attacker can exploit this by authentication with a specific low-privilege account, to gain unauthorized access to the JBOSS EAP. (CVE-2019-15999)
last seen2020-03-28
modified2020-01-09
plugin id132721
published2020-01-09
reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/132721
titleCisco Data Center Network Manager < 11.3(1) Multiple Vulnerabilities