Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote malicious user to execute arbitrary SQL commands on an affected device. To exploit these vulnerabilities, an attacker would need administrative privileges on the DCNM application. For more information about these vulnerabilities, see the Details section of this advisory. Note: The severity of these vulnerabilities is aggravated by the vulnerabilities described in the Cisco Data Center Network Manager Authentication Bypass Vulnerabilities advisory, published simultaneously with this one.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco data center network manager |
Data Center Network Manager bugapalooza with three must-fix flaws Cisco slips on a Tolkien ring: One chip design to rule them all, one design to find them. One design to bring them all...
Cisco is kicking off 2020 with the release of a crop of patches for its Data Center Network Manager. The updates address a total of 12 CVE-listed patches and range in severity from moderate to critical, though should all be patched regardless of rating. Nearly all were found within the REST and SOAP APIs. The immediate priority should be cleaning up CVE-201915975, CVE-201915976, and CVE-201915975, a trio of authentication bypass bugs that can be exploited remotely without authentication. The thr...