Cisco released security updates to address vulnerabilities in Cisco Data Center Network Manager (DCNM).

A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

A vulnerability rated critical in the web-based management interface of DCNM could allow an unauthenticated, remote attacker to upload arbitrary files on an affected device.

The vulnerability is due to incorrect permission settings in affected DCNM software. An attacker could exploit this vulnerability by uploading specially crafted data to the affected device. A successful exploit could allow the attacker to write arbitrary files on the filesystem and execute code with root privileges on the affected device.

The vulnerability affects DCNM software releases prior to Release 11.2(1).

Cisco released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Another issue rated critical is a DCNM authentication bypass vulnerability.

A vulnerability in the web-based management interface of DCNM could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device.

The vulnerability is due to improper session management on affected DCNM software. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to gain administrative access on the affected device.

The vulnerability affects Cisco Data Center Network Manager (DCNM) software releases prior to Release 11.1(1).

Cisco released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
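Because the two critical issues are fixed in different releases, a deployment can be patched for one and still exposed to the other. The following triage script is an added example, not code from Cisco or from this article; the host names and inventory are constructed, and the `major.minor(maintenance)` release format is assumed from the release numbers quoted above.

```python
import re

# Fixed releases as stated in the article; keys are the article's own descriptions.
FIXED_IN = {
    "arbitrary file upload (critical)": "11.2(1)",
    "authentication bypass (critical)": "11.1(1)",
}

# Assumed release format: major.minor(maintenance), e.g. "11.2(1)".
_RELEASE_RE = re.compile(r"^\s*(\d+)\.(\d+)\((\d+)\)\s*$")


def parse_release(text):
    """Convert a release string into a tuple that sorts in release order."""
    match = _RELEASE_RE.match(text)
    if not match:
        raise ValueError(f"unrecognised DCNM release string: {text!r}")
    return tuple(int(part) for part in match.groups())


def exposed_issues(release):
    """Return the issues whose fixed release is newer than the running release."""
    running = parse_release(release)
    return [name for name, fixed in FIXED_IN.items()
            if running < parse_release(fixed)]


def triage(inventory):
    """Map each host to its exposed issues, or None when the release string
    cannot be parsed and the host needs a manual check."""
    report = {}
    for host, release in inventory.items():
        try:
            report[host] = exposed_issues(release)
        except ValueError:
            report[host] = None
    return report


# Constructed sample inventory (hypothetical hosts, not real systems).
SAMPLE_INVENTORY = {
    "dcnm-lab-a.example": "10.4(2)",
    "dcnm-lab-b.example": "11.1(1)",
    "dcnm-lab-c.example": "11.2(1)",
    "dcnm-lab-d.example": "unknown",
}

if __name__ == "__main__":
    for host, issues in triage(SAMPLE_INVENTORY).items():
        print(host, "MANUAL CHECK" if issues is None else issues or "patched")
```

Hosts reported as `None` should be treated as unverified rather than patched.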

In addition, a DCNM arbitrary file download vulnerability was rated high risk, and a DCNM information disclosure vulnerability was rated medium.
