Saturday, March 15, 2025
Follow us On Linkedin
HomeCiscoCisco Security Updates - Critical RCE vulnerability let Hackers Gain Control...

Cisco Security Updates – Critical RCE vulnerability let Hackers Gain Control Over Cisco Data Center Network Manager Remotely

CiscoSecurity Updates

Published on

By Gurubaran
Data Center Network Manager

Supply Chain Attack Prevention

SIEM as a Service

Follow Us on Google News

Cisco released security updates for Data Center Network Manager that allows an unauthenticated, remote attacker to upload arbitrary files on an affected device.

CVE-2019-1620 – File Upload & Remote Code Execution

The vulnerability resides in the web-based management interface of DCNM that allows an unauthenticated, remote attacker to upload arbitrary code on the affected device.

A remote attacker could exploit the vulnerability by uploading specially crafted data, and the vulnerability is due to incorrect permission settings.

Cisco has released updates to address this vulnerability; you can find the advisory here.

CVE-2019-1619 – Authentication Bypass Vulnerability

The vulnerability is due to improper session management; it allows a remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device.

Cisco has released updates to address this vulnerability; you can find the advisory here.

CVE-2019-1621 – Arbitrary File Download Vulnerability

The vulnerability resides in the web-based management interface of the Cisco Data Center Network Manager allows an attacker to gain access to sensitive files on an affected device.

Successful exploitation of the vulnerability allows an attacker to arbitrary files from the underlying filesystem of the affected device. The vulnerability is due to lack of permission settings.

Cisco has released updates to address this vulnerability; you can find the advisory here.

CVE-2019-1622 – Information Disclosure Vulnerability

A vulnerability in the web interface allows a remote attacker to retrieve sensitive information from an affected device. The vulnerability is due to lack of improper access controls for specific URLs on the affected device.

Cisco has released updates to address this vulnerability; you can find the advisory here.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates also you can take the Best Cybersecurity course online to keep yourself updated.

Memory Corruption Flaw in macOS Let Hackers run Malicious Code with Root Privileges

macOS Zero-Day Vulnerability Allows Hackers to Bypass Security Protections With Synthetic Clicks

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

cyber security

Hackers Exploiting Exposed Jupyter Notebooks to Deploy Cryptominers

Cado Security Labs has identified a sophisticated cryptomining campaign exploiting misconfigured Jupyter Notebooks, targeting...
AWS

AWS SNS Exploited for Data Exfiltration and Phishing Attacks

Amazon Web Services' Simple Notification Service (AWS SNS) is a versatile cloud-based pub/sub service...
Cyber Security News

Edimax Camera RCE Vulnerability Exploited to Spread Mirai Malware

A recent alert from the Akamai Security Intelligence and Response Team (SIRT) has highlighted...
CVE/vulnerability

Cisco Warns of Critical IOS XR Vulnerability Enabling DoS Attacks

Cisco has issued a security advisory warning of a vulnerability in its IOS XR...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

Register Now

More like this

Cisco

Cisco Webex for BroadWorks Flaw Opens Door for Attackers to Access Credentials

Cisco Systems has disclosed a security vulnerability in its Webex for BroadWorks unified communications...
Cisco

CISA Alerts on Active Exploitation of Cisco Small Business Router Flaw

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent warning on March...
Cisco

Cisco Nexus Vulnerability Allows Attackers to Inject Malicious Commands

Cisco Systems has issued a critical security advisory for a newly disclosed command injection...

GBHackers on Security is a top cybersecurity news platform, delivering up-to-date coverage on breaches, emerging threats, malware, vulnerabilities, and global cyber incidents.

Company

Trending

Categories

Copyright @ 2016 - 2024 GBHackers On Security - All Rights Reserved