Cisco releases security updates for Data Center Network Manager

News by Robert Abel

The updates address several vulnerabilities, two of which are rated critical

Cisco released security updates for Data Center Network Manager to address several vulnerabilities that could allow a remote attacker to take over an affected system.

Two of the vulnerabilities are rated critical and include an Arbitrary File Upload and Remote Code Execution vulnerability and an Authentication Bypass vulnerability, according to a US Cert advisory on 26 June

The Arbitrary File Upload and Remote Code Execution vulnerability is caused by an incorrect permission settings in affected DCNM software that could be exploited by uploading specially crafted data to the affected device. 

The Authentication Bypass Vulnerability is caused by  improper session management on affected DCNM software that can also be exploited by sending a crafted HTTP request.

The other vulnerabilities were a "High" rated Arbitrary File Download Vulnerability and a "Medium" rated Information Disclosure Vulnerability.

This article was originally published on SC Media US.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews