[Aug 30, 2018]
Cisco Data Center Network Manager (DCNM) software is used for managing Cisco switches and routers that connect devices on enterprise local area networks (LAN) and storage area networks (SAN). The software manages Cisco’s Nexus switches and its MDS enterprise SAN switches.
Cisco has released a patch to fix a high severity security flaw affecting its Data Center Network Manager software for managing switches deployed in large data centers.
The networking company released the patch on Tuesday and notes there is a publicly available proof-of-concept exploit for the flaw, which could give remote attackers access to sensitive files.
According to Cisco, all DCNM releases prior to 11.0 (1), which it made available in July, are vulnerable to a directory or path traversal attack.
Cyber Security Tips:
- Assuming a network admin notices such an attack, an admin could recover memory by rebooting the device or restarting web proxy access, according to Cisco.
- Cisco has tagged the bug as CVE-2018-0410 and rated it as a “high” severity issue with a CVSS score of 8.6 out of 10. Available patches can be found on CERT/CC’s pages.