
Cisco issues three critical security alerts


By Dylan Bushell-Embling
Tuesday, 02 July, 2019



Cisco has issued three critical alerts for vulnerabilities in its DNA Center network management and automation platform, including one that allows for remote code execution.

Two of the vulnerabilities disclosed in the alerts have a CVSS (Common Vulnerability Scoring System) rating of 9.8 out of 10, with the third having a rating of 9.3.

One vulnerability in the Cisco Data Centre Network Manager (DCNM) platform could allow attackers to remotely upload arbitrary files and execute code with root privileges by exploiting incorrect permission settings on affected devices.

The attack method involves sending specially crafted data to a specific web servlet that is available on affected devices.

A second DCNM vulnerability, involving improper session management on the affected servlet, could allow attackers to remotely bypass authentication and execute arbitrary actions with administrative privileges.

The third vulnerability, in DNA Center, could allow unauthenticated attackers to bypass authentication and access critical internal services, but requires physical access to the network: the attacker must connect an unauthorised network device to a subnet designated for cluster services.

The company has issued software updates to address all three bugs, but has stated that there are no workarounds that address any of the vulnerabilities. Cisco added that its security team is unaware of any instances of the vulnerabilities being exploited in the wild.
