A vulnerability in the application environment of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote malicious user to gain unauthorized access to the JBoss Enterprise Application Platform (JBoss EAP) on an affected device. The vulnerability is due to an incorrect configuration of the authentication settings on the JBoss EAP. An attacker could exploit this vulnerability by authenticating with a specific low-privilege account. A successful exploit could allow the malicious user to gain unauthorized access to the JBoss EAP, which should be limited to internal system accounts.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco data center network manager |
Data Center Network Manager bugapalooza with three must-fix flaws Cisco slips on a Tolkien ring: One chip design to rule them all, one design to find them. One design to bring them all...
Cisco is kicking off 2020 with the release of a crop of patches for its Data Center Network Manager. The updates address a total of 12 CVE-listed patches and range in severity from moderate to critical, though should all be patched regardless of rating. Nearly all were found within the REST and SOAP APIs. The immediate priority should be cleaning up CVE-201915975, CVE-201915976, and CVE-201915975, a trio of authentication bypass bugs that can be exploited remotely without authentication. The thr...