Home Hacking News Critical Vulnerabilities Patched In Cisco Data Center Network Manager Software
Hacking NewsLatest Cyber Security News | Network Security HackingNewsVulnerabilities

Critical Vulnerabilities Patched In Cisco Data Center Network Manager Software

by Abeerah Hashim
written by Abeerah Hashim
Cisco Data Center Network Manager bugs

Cisco has recently rolled-out fixes for multiple vulnerabilities in its Data Center Network Manager (DCNM) software. These include a total of four security fixes for vulnerabilities with varying severity levels. Two of these included critical vulnerabilities that could let an attacker remotely access a target device.

Critical Vulnerabilities In Cisco DCNM Software

Recently, Cisco has addressed two critical security flaws in the Data Center Network Manager (DCNM) software. These vulnerabilities existed in the web-based management interface of the software. Exploiting these flaws could allow remote attacks on the system.

The first of these, CVE-2019-1619, is an authentication bypass vulnerability with a CVSS score of 9.8. Describing it in the advisory, Cisco stated,

The vulnerability is due to improper session management on affected DCNM software. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to gain administrative access on the affected device.

Cisco fixed this vulnerability with the release of DCNM Software v.11.1(1) and later.

Whereas, the other one, CVE-2019-1620, is an arbitrary file upload and remote code execution flaw. This one too has a CVSS base score of 9.8. Regarding this vulnerability, Cisco stated in its advisory,

The vulnerability is due to incorrect permission settings in affected DCNM software. An attacker could exploit this vulnerability by uploading specially crafted data to the affected device. A successful exploit could allow the attacker to write arbitrary files on the filesystem and execute code with root privileges on the affected device.

The vendors patched the flaw with Cisco DCNM Software Release 11.2(1) and later.

Other Flaws In Data Center Network Manager

Apart from the above two critical vulnerabilities, Cisco also addresses two other security flaws in the software. These include a high-severity arbitrary file download vulnerability, CVE-2019-1621, that could allow remote attacker access and download sensitive files from the target system; and an information disclosure flaw of medium severity (CVE-2019-1622) allowing unauthenticated remote attacks.

The users of Cisco DCNM must ensure updating their devices to DCNM Software Release 11.2(1) and later to stay protected from potential risks. Cisco acknowledged the independent researcher Pedro Ribeiro for highlighting all these flaws.

Let us know your thoughts in the comments.

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

You may also like

Xiid SealedTunnel: Unfazed by Yet Another Critical Firewall...

Personal Data Exposed in Massive Global Hack: Understanding...

Guardz Welcomes SentinelOne as Strategic Partner and Investor...

Invision Community Vulnerabilities Risk E-Commerce Websites

Microsoft April Patch Tuesday Fixes Dozens of RCE...

Match Systems publishes report on the consequences of...

Cypago Announces New Automation Support for AI Security...

LayerSlider WordPress Plugin Vulnerability Affected Thousands Of Websites

OWASP Disclosed Data Breach Affecting Old Members

Center Identity Launches Patented Passwordless Authentication for Businesses