Cisco Data Center software includes remote access flaw
Cisco has released a patch for a recently discovered security flaw in its Data Center Network Manager software.
The Data Center Network Manager (DCNM) software is used to manage switches and routers connected through LAN and SAN environments, including the Cisco Nexus switches and MDS enterprise SAN switches.
The vulnerability affects DCNM versions 11.0 or later and exposes sensitive data through a potential directory traversal attack.
The vulnerability is located in the management interface, where user requests may be improperly validated.
By exploiting this vulnerability, an attacker could gain remote access to sensitive files by sending crafted requests containing path sequences that step up into the parent directory.
Once outside the intended directory, an attacker could read sensitive information stored on the network, or create their own files and insert them into the system.
However, to do this an attacker would need valid credentials, and to the company's knowledge the vulnerability has not yet been exploited in the wild.
A software update has been created to address the issue; however, there is no workaround available for users.
The patch is available only to DCNM customers with a valid software license.
The patch checks the version number through the web interface to see whether the vulnerability exists; however, the web interface is not available in older versions of the software.
Researchers at Tenable, who first discovered the error, noted that the path traversal vulnerability is in the Download servlet and that a remote attacker could use it both to access files and to create directories.
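The class of bug described above is a download handler that joins a user-supplied filename to a base directory without checking where the result ends up. The following is an added illustration, not Cisco's or Tenable's code, of the check such a handler needs: canonicalize the requested path and refuse anything that resolves outside the configured base directory. The base directory `/srv/dcnm/downloads`, the function names and the sample requests are all constructed for the example.

```python
"""Defensive path validation for a file-download endpoint.

Added example (hypothetical code, not from Cisco DCNM). It shows the check a
Download-style servlet must perform so that a request such as
'../../../etc/passwd' cannot escape the directory it is meant to serve.
"""
import os
from urllib.parse import unquote


class PathTraversalError(ValueError):
    """Raised when a requested path resolves outside the base directory."""


def resolve_download_path(base_dir: str, requested: str) -> str:
    """Return the absolute on-disk path for `requested` under `base_dir`.

    The request value is URL-decoded once (as a web framework would), joined
    to the base directory and canonicalized with os.path.realpath, which
    collapses '..' segments and follows symlinks. The result must still lie
    inside the canonical base directory; otherwise the request is rejected.
    """
    base_real = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base_real, unquote(requested)))
    # commonpath compares whole path components, so a sibling directory such
    # as /srv/dcnm/downloads2 is not mistaken for a child of the base.
    if os.path.commonpath([base_real, candidate]) != base_real:
        raise PathTraversalError(f"request escapes base directory: {requested!r}")
    return candidate


def path_is_allowed(base_dir: str, requested: str) -> bool:
    """Boolean form of resolve_download_path, convenient for logging or tests."""
    try:
        resolve_download_path(base_dir, requested)
        return True
    except PathTraversalError:
        return False


def is_traversal_attempt(requested: str) -> bool:
    """Detection heuristic for log review or alerting (not the access check).

    Decodes twice to catch double-encoded sequences (%252F), normalizes
    backslashes, and flags a parent-directory segment or an absolute path.
    The authoritative decision is still resolve_download_path.
    """
    decoded = unquote(unquote(requested)).replace("\\", "/")
    return decoded.startswith("/") or ".." in decoded.split("/")


if __name__ == "__main__":
    # Constructed sample requests as they might appear in an access log.
    base = "/srv/dcnm/downloads"  # hypothetical base directory
    samples = [
        "reports/daily.log",          # legitimate
        "reports/../daily.log",       # '..' but stays inside base
        "../../../etc/passwd",        # classic traversal
        "..%2F..%2F..%2Fetc%2Fpasswd",  # URL-encoded traversal
        "/etc/passwd",                # absolute path
    ]
    for req in samples:
        verdict = "ALLOW" if path_is_allowed(base, req) else "DENY "
        flag = "suspicious" if is_traversal_attempt(req) else "clean"
        print(f"{verdict} {flag:<10} {req}")
```

The two functions deliberately differ: `resolve_download_path` is the enforcement point and must be strict, while `is_traversal_attempt` is a cheap pattern check suitable for a WAF rule or for hunting through web-server logs for attempts against an unpatched host; a request can be flagged as suspicious yet still be safely served, as `reports/../daily.log` shows.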
In June of this year, Cisco received a number of questions about its practice of waiting weeks, or even months, before notifying customers of known security issues.
Cisco’s response noted that the delay was built into the notification system, as publicizing a critical vulnerability prior to having a patch for all affected versions would open other customers up to potential exploitation.
Source: thestack