Cisco Data Center Network Manager Flaw Allows Unauthorized Access to Sensitive Information
A vulnerability in Cisco's Data Center Network Manager could allow a remote attacker to gain access to sensitive information.
The vulnerability was rated “High” and if exploited would allow an authenticated, remote attacker to conduct directory traversal attacks and gain access to sensitive files on the targeted system, according to an Aug. 28 security advisory.
The bug is the result of improper validation of user request within the management interface which could be exploited by an attacker sending “malicious requests containing directory traversal character sequences within the management interface,” the advisory said. The attacker could also create arbitrary files on the targeted systems.
Cisco Data Center Network Manager (DCNM) software releases prior to 11.0(1) are affected by the exploit and there are currently no workarounds to address the vulnerability. Those who are affected are encouraged to update their systems as soon as possible.
- Contractor SC Cyber Security. £400.
SC Cleared contractor for a 3 month engagement. Public sector. Currently looking at remote / flexible working. The client is in London so there may well be travel involved at some stage.. Initial scoping, gap analysis, business impact analysis etc to understanding their current posture. To expand to formulate best practice recommendations. Broad info sec and technical awareness. Current SC clearance critical.