Security News > 2020 > January > Critical Cisco Flaws Now Have PoC Exploit
Proof-of-concept (PoC) exploit code has been published for critical flaws impacting Cisco Data Center Network Manager (DCNM), a tool for managing network platforms and switches.
The three critical vulnerabilities in question impact DCNM, a platform for managing Cisco data centers that run Cisco's NX-OS - the network operating system used by Cisco's Nexus-series Ethernet switches and MDS-series Fibre Channel storage area network switches.
Two of the flaws are authentication bypass vulnerabilities in the REST API and SOAP API endpoints for Cisco DCNM. Representational State Transfer (REST) is an architecture style for designing networked applications, according to RestFulApi.net, while Simple Object Access Protocol (SOAP) is a standard communication protocol that allows processes using different operating systems to communicate via HTTP and XML, according to a DZone description.
With the PoC exploit code now available, Cisco is urging customers to update.
"The Cisco Product Security Incident Response Team is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory," according to Cisco's advisory, which was updated on Wednesday.
News URL
https://threatpost.com/cisco-dcnm-flaw-exploit/151949/