Cisco Data Center software includes remote access flaw
Cisco has released a patch to a recently-discovered security flaw in the Data Center Network Manager software.
The Data Center Network Manager (DCNM) software is used to manage switches and routers connected through LAN and SAN environments, including the Cisco Nexus switches and MDS enterprise SAN switches.
The vulnerability affects DCNM versions 11.0 or later, exposing sensitive data through a potential directory traversal attack.
The vulnerability is located in the management interface, where user requests may be improperly validated.
Exploiting this vulnerability, hackers could gain remote access to sensitive files by sending malicious requests containing instructions allowing access to the parent directory.
Once in the parent directory, a hacker can access sensitive information stored on the network, or create their own files and insert them into the system.
However, to take this action a hacker would need valid credentials, and to the company’s knowledge, the vulnerability has not yet been exploited in the real world.
A software update has been created to address this issue, however, there is no workaround available for users.
The patch is available only to DCNM customers with a valid software license.
The patch checks the version number through the web interface to see if the vulnerability exists, however, the web interface is not available in older versions of the software.
Researchers at Tenable, who first discovered the error, noted that the path traversal vulnerability is in the Download servlet and that a remote attacker could use this vulnerability to both access files and create directories.
In June of this year, Cisco received a number of questions about its practice of waiting weeks, or even months, before notifying customers of known security issues.
Cisco’s response noted that the delay was built into the notification system, as publicizing a critical vulnerability prior to having a patch for all affected versions would open other customers up to potential exploitation.
Source: thestack
Latest Jobs
-
- Sales New Business / Account Manager - Sales Security / Cloud / Managed Service
- London
- upto 50,000 base plus OTE
-
*Actively looking to hire now. Consultative Sales person. New business and account management. Technology and Services (Cloud / Security / Managed Services) Flexible location- remote working- London based office for when the ‘new normal’ emerges. We are looking for a capable and self sufficient sales person that will also benefit from a team that will generate leads / appointment setting. Your role will be to generate new logo business opportunities and manage and expand traction into a number of existing accounts (that have spent.) Targeting the mid market to small enterprise. This award winning business, who deliver a broad range of transformational solutions, are looking to attract a high achiever. Uncapped commission and sensible scaled targets to attract the best. Top earners achieving in excess of £200k+ Experience in selling one or more of the following is essential; Managed Services, Datacentre, Cloud and Cyber Security. All details kept in confidence, apply today to find out more. Chris.Holt@dclsearch.com 07884666351
-
- New Business Hunter - Global Telecom Services
- Munich
- up to €90,000 base plus €60,000 OTE (some flexibility)
-
New Business Hunter - Telecom Services Salary up to €90,000 base plus €60,000 OTE Location: Munich Reference RA7379 Our client a leading Global Telecoms Provider are looking for an ambitious New Business Hunter to be based in Germany, targeting Germany HQ enterprises business who are looking to expand or develop their presence in the Asian markets, you will be able to sell across their full portfolio of services, from Global Connectivity, Cloud, Security and SDWAN solutions As the New Business Hunter you will be responsible for the development of new Logo accounts, focusing on growing these from initial introduction through to established customer Responsibilities: • Maintaining and developing relationships with targeted companies • Identifying opportunities to grow revenue • Generating revenue growth within new Logo customers via telephone and face to face contact, web meetings and when necessary face to face visits Skills and experience: • Fluent German and English verbal and written skills are imperative • Experience in the Telecoms/networking industry is a must • Proven new business experience and able to show how you would target, approach and win a customer • Aptitude for achieving individual revenue and key performance targets. • Proven negotiations skills. Telecoms Jobs | Telecommunications Jobs | Telecommunications Jobs