25 C
Jaipur
Friday, October 23, 2020

Cisco Fixed 11 Bugs in Cisco Data Center Network Manager

Must read

huawei: Huawei ekes out third-quarter revenue growth as US restrictions bite – Latest News

Huawei Technologies Co Ltd eked out a gain in third-quarter revenue as the impact of the COVID-19 pandemic added to supply-chain difficulties brought about...

MEE Audio launches new range of Bluetooth audio accessories

MEE Audio has released a new range of audio products at different price points. There’s a new ‘MEE Audio Connect

Accenture along with SAP aims to take businesses into cloud-based open industry solutions

Accenture has announced it will be working side-by-side with SAP to help companies change their business operations with industry-specific solutions based on SAP’s...

huawei: Italy vetoes 5G deal between Fastweb and China’s Huawei: Sources – Latest News

Italy has prevented telecoms group Fastweb from signing a supply deal with Huawei for its 5G core network, two sources close to the matter...

Cisco released a security update for several vulnerabilities that affected the Cisco products, including 3 critical remote code execution vulnerabilities that affected the Cisco Datacenter Network Manager let attackers take admin privilege remotely.

Out of 12 vulnerability, 3 marked as “Critical” severity, 7 bugs of categorized as “High” severity, and the rest of the 2 vulnerabilities listed under ” Medium” severity.

Cisco Data Center Network Manager (DCNM) is a network management solution for next-generation Data Centers, and the Cisco DCNM’s goal is to reduce Operation expenses by providing efficient operations and troubleshooting.

Critical Severity Vulnerabilities

3 Critical vulnerabilities that exist in the authentication mechanisms of the Cisco Data Center Network Manager (DCNM) could allow unauthenticated and remote attackers to bypass the authentication of executing the arbitrary code in the affected system.

Vulnerabilities affect the earlier version of  Cisco DCNM software 11.3(1) for Microsoft Windows, Linux, and virtual appliance platforms.

All 3 vulnerabilities allow attackers to bypass the authentication of the following:

  • Cisco Data Center Network Manager REST API ( CVE ID: CVE-2019-15975 )
  • Cisco Data Center Network Manager SOAP API {CVE ID: CVE-2019-15976)
  • The web-based management interface of the Cisco DCNM (CVE ID: CVE-2019-15977)

High Severity Vulnerabilities

There are 7 high severity vulnerabilities addressed in this security update and it allows attackers to perform different attackers such as SQL injection, injecting malicious commands and directory traversal attacks.

2 SQL injection vulnerabilities that affected the Cisco Data Center Network Manager Let remote attackers execute arbitrary SQL commands on an affected device. 

Researchers discovered a 3 Cisco Data Center Network Manager Path Traversal Vulnerabilities that allow a remote attacker to conduct directory traversal attacks on an affected device with admin privilege.

2 Command injection vulnerabilities are uncovered in the REST and SOAP API endpoints of Cisco Data Center Network Manager that allows attackers to inject arbitrary commands on the underlying operating system (OS).

Cisco Vulnerabilities Details

Cisco advised the affected customers to apply these patches immediately to keep the network and application safe and secure from cyber attack.

Cisco has released updates to address this vulnerability; you can find the advisory here.

Source link

- Advertisement -

More articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest article

huawei: Huawei ekes out third-quarter revenue growth as US restrictions bite – Latest News

Huawei Technologies Co Ltd eked out a gain in third-quarter revenue as the impact of the COVID-19 pandemic added to supply-chain difficulties brought about...

MEE Audio launches new range of Bluetooth audio accessories

MEE Audio has released a new range of audio products at different price points. There’s a new ‘MEE Audio Connect

Accenture along with SAP aims to take businesses into cloud-based open industry solutions

Accenture has announced it will be working side-by-side with SAP to help companies change their business operations with industry-specific solutions based on SAP’s...

huawei: Italy vetoes 5G deal between Fastweb and China’s Huawei: Sources – Latest News

Italy has prevented telecoms group Fastweb from signing a supply deal with Huawei for its 5G core network, two sources close to the matter...

huawei: Huawei reports 9.9% revenue growth in first 3 quarters of 2020 – Latest News

Huawei on Friday said that it generated a revenue of 671.3 billion yuan ($98.57 billion) in the first three quarters of this year, an...