Cisco released security updates for Data Center Network Manager to address several vulnerabilities that could allow a remote attacker to take over an affected system.
Two of the vulnerabilities are rated critical and include an Arbitrary File Upload and Remote Code Execution vulnerability and an Authentication Bypass vulnerability, according to a US Cert advisory on 26 June.
The Arbitrary File Upload and Remote Code Execution vulnerability is caused by an incorrect permission settings in affected DCNM software that could be exploited by uploading specially crafted data to the affected device.
The Authentication Bypass Vulnerability is caused by improper session management on affected DCNM software that can also be exploited by sending a crafted HTTP request.
The other vulnerabilities were a "High" rated Arbitrary File Download Vulnerability and a "Medium" rated Information Disclosure Vulnerability.
This article was originally published on SC Media US.