Critical, High-Severity Cisco Flaws Fixed in Data Center Network Manager
Security News, July 2020
Cisco is warning of several critical and high-severity flaws in its Data Center Network Manager for managing network platforms and switches.
DCNM is a platform for managing Cisco data centers that run Cisco's NX-OS - the network operating system used by Cisco's Nexus-series Ethernet switches and MDS-series Fibre Channel storage area network switches.
Iso installers, and affects Cisco DCNM software releases 11.0(1), 11.1(1), 11.2(1), and 11.3(1). "Cisco has confirmed that this vulnerability does not affect Cisco DCNM instances that were installed on customer-provided operating systems using the DCNM installer for Windows or Linux," said Cisco.
Cisco also patched five high-severity flaws in DCNM, including two command-injection flaws that could allow an authenticated, remote attacker to inject arbitrary commands on affected devices; a path traversal issue that could enable an authenticated, remote attacker to conduct directory traversal attacks on vulnerable devices; an improper authorization flaw, allowing an authenticated, remote attacker with a low-privileged account to bypass authorization on the API of an affected device; and an authentication bypass glitch allowing an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions on an affected device.
Cisco on Wednesday also patched a critical vulnerability in the web-based management interface of its SD-WAN vManage Network Management system.
News URL
https://threatpost.com/critical-high-severity-cisco-flaws-fixed-data-center-network-manager/157861/