Critical, High-Severity Cisco Flaws Fixed in Data Center Network Manager
Recently, Cisco warned customers about several critical and high-severity flaws in its Data Center Network Manager (DCNM) that could allow remote, unauthenticated attackers to bypass authentication on vulnerable devices. DCNM manages Cisco data centers that run the network operating system for Cisco devices. The newly reported flaws exist in the REST API of DCNM, which makes them high risk: an attacker who exploits them could execute arbitrary actions with administrative privileges.
The flaw ranks 9.8 out of 10 on the CVSS scale, meaning it is of high severity. Although the flaw is serious, Cisco stated that it has not been made aware of any malicious exploitation of the flaw. The vulnerability exists because different installations share a static encryption key, according to Cisco’s security update released on Wednesday.