A vulnerability in the identity management service of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote malicious user to bypass authentication and take complete control of identity management functions. The vulnerability is due to insufficient security restrictions for critical management functions. An attacker could exploit this vulnerability by sending a valid identity management request to the affected system. An exploit could allow the malicious user to view and make unauthorized modifications to existing system users as well as create new users.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco digital network architecture center |
Coding screwups for Prime Infrastructure and DNA Center admins to slurp up
Cisco admins, maybe you'd like to clear your Friday, because there's a fresh batch of critical-rated vulnerabilities to assess and patch as needed. The three worst bugs lie in Cisco's Prime Infrastructure and Digital Network Architecture (DNA) Center products, and are among 26 bugs disclosed this week. One of the critical-rated programming cockups is a permission error that can be exploited to perform arbitrary file upload. An attacker could send a file using TFTP, allowing the miscreant to run ...