Cisco releases security updates for Data Center Network Manager

Cisco released security updates for Data Center Network Manager (DCNM) to address several vulnerabilities that could allow a remote attacker to take over an affected system.

Two of the vulnerabilities are rated critical: an Arbitrary File Upload and Remote Code Execution vulnerability and an Authentication Bypass vulnerability, according to a June 26 US-CERT advisory.

The Arbitrary File Upload and Remote Code Execution vulnerability is caused by incorrect permission settings in affected DCNM software and could be exploited by uploading specially crafted data to the affected device.

The Authentication Bypass vulnerability is caused by improper session management in affected DCNM software and can also be exploited by sending a crafted HTTP request.

The other vulnerabilities were a “High” rated Arbitrary File Download Vulnerability and a “Medium” rated Information Disclosure Vulnerability.
