Security News > 2020 > January > Cisco Data Center Network Manager flaws fixed, Cisco ASA appliances under attack

Cisco Data Center Network Manager flaws fixed, Cisco ASA appliances under attack
2020-01-06 11:08

Cisco has fixed 12 vulnerabilities in Cisco Data Center Network Manager, a platform for managing Cisco switches and fabric extenders that run NX-OS, and has warned about a spike in exploitation attempts of an old flaw affecting Cisco Adaptive Security Appliance and Firepower Appliance software.

"The vulnerabilities are not dependent on one another; exploitation of one of the vulnerabilities is not required to exploit another vulnerability," Cisco shared.

Cisco plugged CVE-2019-15999, a security hole in DCNM's JBoss Enterprise Application Platform, which exists due to incorrectly configured authentication settings.

For those who might have missed it, it's worth pointing out that Cisco Talos recently warned about a spike in exploitation attempts against CVE-2018-0296, a DoS and information disclosure directory traversal bug in Cisco Adaptive Security Appliance and Firepower Appliance software.

Steven Seeley, the researcher who discovered and reported most of these Cisco Data Center Network Manager flaws, has published proof-of-concept exploit code for them.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/Q5JXdaQspuw/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2020-01-06 CVE-2019-15999 Unspecified vulnerability in Cisco Data Center Network Manager
A vulnerability in the application environment of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to gain unauthorized access to the JBoss Enterprise Application Platform (JBoss EAP) on an affected device.
network
low complexity
cisco
6.3
2018-06-07 CVE-2018-0296 Path Traversal vulnerability in Cisco Adaptive Security Appliance Software
A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition.
network
low complexity
cisco CWE-22
7.5

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Cisco 2046 21 1773 1669 288 3751