Intrusion Prevention

Cisco.DCNM.SecurityManager.Authentication.Bypass

Description

This indicates an attack attempt to exploit an Authentication Bypass Vulnerability in Cisco Systems Data Center Network Manager.
The vulnerability is due to a hard-coded cryptographic key shared across installations. Successful exploitation of this vulnerability could allow the attacker to bypass authentication and perform arbitrary actions through the SOAP API with administrative privileges

Affected Products

Cisco Systems Data Center Network Manager prior to 11.3(1)

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-auth-bypass

CVE References

CVE-2019-15976