Cisco DCNM Users Warned of Serious Vulnerabilities
2020-01-02 20:01

Cisco on Thursday informed customers that it has released software updates for its Data Center Network Manager product to address several critical and high-severity vulnerabilities.

All of the serious vulnerabilities patched in DCNM were reported to Cisco by researcher Steven Seeley of Source Incite.

ZDI will publish its own advisories for the flaws, and its website lists over 120 upcoming advisories describing vulnerabilities found by Seeley in Cisco products.

It's worth noting that ZDI publishes a separate advisory for each variation of a vulnerability, which results in multiple advisories for a single CVE. The most serious vulnerabilities patched by Cisco in its Data Center Network Manager product, all of them rated critical, can allow a remote attacker to bypass authentication and execute arbitrary actions with admin privileges on the targeted device.

While it may appear that these vulnerabilities are not serious enough to be rated high severity, given that exploitation requires administrator privileges, Cisco has pointed out that the severity rating is high because a malicious actor could exploit them in combination with the critical authentication bypass flaws, which can grant hackers admin privileges.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/He6U_hLrutg/cisco-dcnm-users-warned-serious-vulnerabilities

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Cisco 2046 21 1773 1669 288 3751