
Cisco addresses several flaws in its DCNM product

by Cyber360 News
January 3, 2020
in Security

Cisco has released software updates for its Data Center Network Manager (DCNM) product to address several critical and high-severity issues.

Cisco has released software updates that address several critical and high-severity vulnerabilities in its Data Center Network Manager (DCNM) product.

All the vulnerabilities were reported to Cisco through Trend Micro’s Zero Day Initiative (ZDI) and Accenture’s iDefense service by the security researchers Steven Seeley of Source Incite and Harrison Neal from PatchAdvisor.

Cisco published six advisories covering a dozen vulnerabilities, eleven of which were reported by Seeley; three of these issues have been rated as critical and seven as high severity. The issues reported by Neal have been rated as medium severity.

Some of the critical flaws addressed by Cisco in DCNM could be exploited by attackers to bypass authentication and execute arbitrary actions with admin privileges on the vulnerable devices.

“Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device,” reads the advisory published by Cisco.

“For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.”

The vulnerabilities have been tracked as CVE-2019-15975, CVE-2019-15976 and CVE-2019-15977. The issues affect the REST API endpoint, the SOAP API endpoint and the web-based management interface.

Cisco also addressed two high-severity SQL injection flaws that could be exploited by an attacker with administrative privileges to execute arbitrary SQL commands on a vulnerable device.

Three of the high-severity weaknesses could be exploited by an attacker to conduct path traversals, and two other high-severity issues could be exploited by an attacker with admin rights to inject arbitrary commands on the underlying operating system.

The good news is that Cisco is not aware of attacks in the wild exploiting these vulnerabilities.

Pierluigi Paganini

(SecurityAffairs – CISCO DCNM, hacking)


