Cisco released security updates for Data Center Network Manager to address several vulnerabilities that could allow a remote attacker to take over an affected system.
Two of the vulnerabilities are rated critical: an Arbitrary File Upload and Remote Code Execution vulnerability and an Authentication Bypass vulnerability, according to a June 26 US-CERT advisory.
The Arbitrary File Upload and Remote Code Execution vulnerability is caused by incorrect permission settings in affected DCNM software and could be exploited by uploading specially crafted data to the affected device.
The Authentication Bypass vulnerability is caused by improper session management on affected DCNM software and can be exploited by sending a crafted HTTP request.
The other vulnerabilities were a “High” rated Arbitrary File Download Vulnerability and a “Medium” rated Information Disclosure Vulnerability.