Cisco has recently rolled out fixes for several vulnerabilities in its Data Center Network Manager (DCNM) software. These include a total of four security fixes for vulnerabilities of varying severity. Two of them are critical vulnerabilities that could let an attacker remotely access a target system.
Critical Vulnerabilities In Cisco DCNM Software
Recently, Cisco addressed two critical security flaws in the Data Center Network Manager (DCNM) software. These vulnerabilities existed in the web-based management interface of the software. Exploiting these flaws could allow remote attacks on the system.
The first of these, CVE-2019-1619, is an authentication bypass vulnerability with a CVSS score of 9.8. Describing it in the advisory, Cisco stated,
"The vulnerability is due to improper session management on affected DCNM software. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected system. A successful exploit could allow the attacker to gain administrative access on the affected system."
Cisco fixed this vulnerability with the release of DCNM Software v.11.1(1) and later.
The other one, CVE-2019-1620, is an arbitrary file upload and remote code execution flaw. It too has a CVSS base score of 9.8. Regarding this vulnerability, Cisco stated in its advisory,
"The vulnerability is due to incorrect permission settings in affected DCNM software. An attacker could exploit this vulnerability by uploading specially crafted data to the affected system. A successful exploit could allow the attacker to write arbitrary files on the filesystem and execute code with root privileges on the affected system."
The vendor patched the flaw with Cisco DCNM Software Release 11.2(1) and later.
Other Flaws In Data Center Network Manager
Apart from the above two critical vulnerabilities, Cisco also addressed two other security flaws in the software. These include a high-severity arbitrary file download vulnerability, CVE-2019-1621, that could allow a remote attacker to access and download sensitive files from the target system; and an information disclosure flaw of medium severity (CVE-2019-1622) allowing unauthenticated remote attacks.
Users of Cisco DCNM should update their devices to DCNM Software Release 11.2(1) and later to stay protected from potential risks. Cisco acknowledged the independent researcher Pedro Ribeiro for highlighting all these flaws.
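For teams triaging an inventory against the fixed releases named above, the following is an added example (not Cisco's or the article's code). It assumes any release older than a stated fixed release is unpatched for that CVE, and the hostnames and inventory versions are constructed.

```python
import re

# Fixed releases exactly as stated in the article above.
FIXED_IN = {
    "CVE-2019-1619": (11, 1, 1),  # authentication bypass
    "CVE-2019-1620": (11, 2, 1),  # arbitrary file upload / remote code execution
}
RECOMMENDED = (11, 2, 1)  # release the article recommends to cover all four flaws

# Accepts the "11.1(1)" form, optionally written as "v.11.1(1)" as in the article.
_RELEASE = re.compile(r"^\s*v?\.?\s*(\d+)\.(\d+)\((\d+)\)\s*$", re.I)

def parse_release(text):
    """Turn a DCNM release string such as '11.1(1)' into a comparable tuple."""
    m = _RELEASE.match(text)
    if not m:
        raise ValueError(f"unrecognised DCNM release string: {text!r}")
    return tuple(int(g) for g in m.groups())

def unpatched_cves(release):
    """Return the CVE ids whose fixed release is newer than `release`."""
    have = parse_release(release)
    return sorted(cve for cve, fixed in FIXED_IN.items() if have < fixed)

def triage(inventory):
    """Map host -> (unpatched CVEs, needs_upgrade). Unparseable versions are flagged."""
    report = {}
    for host, release in inventory.items():
        try:
            needs_upgrade = parse_release(release) < RECOMMENDED
            report[host] = (unpatched_cves(release), needs_upgrade)
        except ValueError:
            report[host] = (None, True)  # unknown version: needs manual review
    return report

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = {
    "dcnm-lab-1": "10.4(2)",
    "dcnm-lab-2": "11.1(1)",
    "dcnm-lab-3": "11.2(1)",
    "dcnm-lab-4": "unknown",
}

if __name__ == "__main__":
    for host, (cves, upgrade) in triage(SAMPLE).items():
        print(host, "unpatched:", cves, "upgrade needed:", upgrade)
```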