Cisco Data Center software includes remote access flaw
Cisco has released a patch to a recently-discovered security flaw in the Data Center Network Manager software.
The Data Center Network Manager (DCNM) software is used to manage switches and routers connected through LAN and SAN environments, including the Cisco Nexus switches and MDS enterprise SAN switches.
The vulnerability affects DCNM versions 11.0 or later, exposing sensitive data through a potential directory traversal attack.
The vulnerability is located in the management interface, where user requests may be improperly validated.
Exploiting this vulnerability, hackers could gain remote access to sensitive files by sending malicious requests containing instructions allowing access to the parent directory.
Once in the parent directory, a hacker can access sensitive information stored on the network, or create their own files and insert them into the system.
However, to take this action a hacker would need valid credentials, and to the company’s knowledge, the vulnerability has not yet been exploited in the real world.
A software update has been created to address this issue, however, there is no workaround available for users.
The patch is available only to DCNM customers with a valid software license.
The patch checks the version number through the web interface to see if the vulnerability exists, however, the web interface is not available in older versions of the software.
Researchers at Tenable, who first discovered the error, noted that the path traversal vulnerability is in the Download servlet and that a remote attacker could use this vulnerability to both access files and create directories.
In June of this year, Cisco received a number of questions about its practice of waiting weeks, or even months, before notifying customers of known security issues.
Cisco’s response noted that the delay was built into the notification system, as publicizing a critical vulnerability prior to having a patch for all affected versions would open other customers up to potential exploitation.
Source: thestack
Latest Jobs
-
- Professional Services Security Engineer
- United Kingdom
- £65,000
-
Professional Services Security Engineer with current checkpoint experience is needed for the UK focused client facing implementation/migration, configuration position. The role will be utilising the latest versions of Checkpoint, so someone accredited with either CCSA or CCSE, on at least version R80 is ideal. The Professional Services Security Engineer must have current technical implementation experience using Checkpoint, however, I would look at someone with strong firewalling experience around other vendors such as Palo Alto and Fortinet. Being a multi-vendor professional services business, there is scope for this person to receive training and experience within other vendors. This is a UK wide role, the company in question has 2 offices across the UK, however, there is scope for this person to be home based when not on client site. Vendor training and exposure actively promoted.
-
- eDiscovery / Forensic Consultant, London, £65,000
- London
- £65,000
-
Senior eDiscovery / forensic consultant needed to join a business is recognised for helping top tier clients across eDiscovery, Forensics, Incident Response, Advisory etc. Known the for quality, consistency of work throughout the world. This individual MUST be London based, client facing with deep technical hands on experience with eDiscovery / forensic tools, techniques and best practice. Hands on experience using Relativity is essential. The position is split between engaging with client stakeholders to provide consultancy, technical engaging to identify, preserve, collect, process, review and produce electronically stored information in litigation and manage / provide support for the other internal business functions. This will include, but not be limited to; manging client engagements, collecting / processing data within Relativity, delivering / providing guidance customisation on reports, advising clients. Any of the following certifications are highly desirable. • Relativity Certified Administrator (RCA) • Relativity Processing Specialist • Relativity Analytics Specialist Travel to client site will be involved. Fluency in multiple European languages is highly desirable. All details kept in the strictest of confidence. Contact me on Chris.holt@dclsearch.com 07884666351 or 02086634030
-
- Public Sector Sales Consultant, Cyber, London, 140 OTE +, Uncapped earnings!
- London
- Up to £140,000 OTE
-
Public Sector Sales Consultant is needed in London as a new hire into a cybersecurity services, solutions and advisory business. Ideally, the Public Sector Sales Consultant should have experience selling cyber solutions, services and advisory but this is not essential. (Training can be provided) What is essential is the sales consultant must have a successful history overachieving against target selling into the Public Sector (Healthcare, Defence, Emergency Services, Government etc.).. This target for this opportunity will be £1.3m. The role will be split in delivering NEW BUSINESS into existing accounts (account management through existing partners, framework, direct etc) and new Logo NEW business. A full suite of solutions is available to the successful Public Sector Sales consultant. More importantly, there is an Uncapped earning for overachievement. A KEY requirement is an ability for the individual to achieve UK security clearance- UK passport holder is a must. There is a strong preference for will be given to those that already have clearance. Training, development, support and a warm inviting team. All details kept in the strictest of confidence. Ref: CH7497
-
- Partner Sales Director
- Germany
- Up to €165,000 Base + Double OTE
-
We are currently working on behalf of a global cybersecurity provider who are currently looking for a Partner Sales Director in Germany. The Partner Sales Director will be responsible for the go to market strategy for current Cyber Security OEM’s and new alliances across EMEA and CALA. Other responsibilities include; Sales strategy development and implementation, Partner development, Sales leadership etc. Experience Required Must have current experience in a sales leadership role specialising in Cyber Security (vendor experience with Cisco, Check Point etc.) Proven sales record of being able to lead, grow teams and exceed expectations. This individual MUST be based in Germany Ref: BD7496 (Partner Sales, Alliances Sales, Cyber Security Sales Jobs)