Security News > 2020 > January > Cisco Data Center Network Manager flaws fixed, Cisco ASA appliances under attack
Cisco has fixed 12 vulnerabilities in Cisco Data Center Network Manager, a platform for managing Cisco switches and fabric extenders that run NX-OS, and has warned about a spike in exploitation attempts of an old flaw affecting Cisco Adaptive Security Appliance and Firepower Appliance software.
"The vulnerabilities are not dependent on one another; exploitation of one of the vulnerabilities is not required to exploit another vulnerability," Cisco shared.
Cisco plugged CVE-2019-15999, a security hole in DCNM's JBoss Enterprise Application Platform, which exists due to incorrectly configured authentication settings.
For those who might have missed it, it's worth pointing out that Cisco Talos recently warned about a spike in exploitation attempts against CVE-2018-0296, a DoS and information disclosure directory traversal bug in Cisco Adaptive Security Appliance and Firepower Appliance software.
Steven Seeley, the researcher who discovered and reported most of these Cisco Data Center Network Manager flaws, has published proof-of-concept exploit code for them.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/Q5JXdaQspuw/
Related news
- Cisco Issues Urgent Fix for ASA and FTD Software Vulnerability Under Active Attack (source)
- New Cisco ASA and FTD features block VPN brute-force password attacks (source)
- Cisco fixes VPN DoS flaw discovered in password spray attacks (source)
- Emergency patch: Cisco fixes bug under exploit in brute-force attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-06 | CVE-2019-15999 | Unspecified vulnerability in Cisco Data Center Network Manager A vulnerability in the application environment of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to gain unauthorized access to the JBoss Enterprise Application Platform (JBoss EAP) on an affected device. | 4.0 |
| 2018-06-07 | CVE-2018-0296 | Path Traversal vulnerability in Cisco Adaptive Security Appliance Software A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. | 7.5 |