Security News > 2020 > January > Critical Cisco Flaws Now Have PoC Exploit
Proof-of-concept (PoC) exploit code has been published for critical flaws impacting Cisco Data Center Network Manager (DCNM), a tool for managing network platforms and switches.
The three critical vulnerabilities in question impact DCNM, a platform for managing Cisco data centers that run Cisco's NX-OS - the network operating system used by Cisco's Nexus-series Ethernet switches and MDS-series Fibre Channel storage area network switches.
Two of the flaws are authentication bypass vulnerabilities in the REST API and SOAP API endpoints for Cisco DCNM. Representational State Transfer (REST) is an architectural style for designing networked applications, according to RestFulApi.net, while Simple Object Access Protocol (SOAP) is a standard communication protocol that allows processes running on different operating systems to communicate via HTTP and XML, according to a DZone description.
With the PoC exploit code now available, Cisco is urging customers to update.
"The Cisco Product Security Incident Response Team is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory," according to Cisco's advisory, which was updated on Wednesday.
News URL
https://threatpost.com/cisco-dcnm-flaw-exploit/151949/