A Cisco software vulnerability could allow unauthorized access to sensitive information

The company is already working on a security update

A recently discovered vulnerability in the Cisco Data Center Network Manager software could allow a remote attacker to gain access to sensitive information, according to experts from a cyber security organization.

The Data Center Network Manager software is used to manage switches and routers connected through LAN and SAN environments, including the Cisco Nexus switches and the MDS Enterprise SAN switches.

The vulnerability results from incorrect validation of user requests within the management interface. An attacker could exploit it by sending malicious requests that contain directory traversal character sequences to the management interface. The attacker could also create arbitrary files on the targeted systems.
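The validation this class of flaw lacks can be sketched as follows. This is an added example, not Cisco's code and not taken from the advisory: it resolves a user-supplied path against a base directory and applies the same containment check to both file reads and file creation. The function names, the base-directory layout and the assumption that parameters may be percent-encoded more than once are all hypothetical.

```python
import os
import tempfile
from urllib.parse import unquote

class PathEscape(ValueError):
    """The requested path resolves outside the directory the handler may touch."""

def _decode(requested: str, max_rounds: int = 3) -> str:
    # Assumption: the parameter may arrive percent-encoded more than once,
    # so decode until stable; "%252e%252e" must be seen as "..".
    for _ in range(max_rounds):
        decoded = unquote(requested)
        if decoded == requested:
            return decoded
        requested = decoded
    raise PathEscape("path is percent-encoded too many times")

def resolve_inside(base_dir: str, requested: str) -> str:
    """Map a user-supplied relative path to an absolute path under base_dir."""
    decoded = _decode(requested).replace("\\", "/")
    if "\x00" in decoded:
        raise PathEscape("NUL byte in path")
    base = os.path.realpath(base_dir)
    # lstrip keeps an absolute path from replacing base in join();
    # realpath collapses ".." and follows symlinks, also for files not yet created.
    candidate = os.path.realpath(os.path.join(base, decoded.lstrip("/")))
    if os.path.commonpath([base, candidate]) != base:
        raise PathEscape(f"{requested!r} escapes {base}")
    return candidate

def read_file(base_dir: str, requested: str) -> bytes:
    with open(resolve_inside(base_dir, requested), "rb") as fh:
        return fh.read()

def create_file(base_dir: str, requested: str, data: bytes) -> str:
    # Same check on the write path: traversal here means arbitrary file creation.
    target = resolve_inside(base_dir, requested)
    os.makedirs(os.path.dirname(target), exist_ok=True)
    with open(target, "xb") as fh:  # "x" refuses to overwrite an existing file
        fh.write(data)
    return target

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:  # constructed sample directory
        print(create_file(base, "reports/a.txt", b"ok"))
        try:
            read_file(base, "..%252f..%252fetc%252fpasswd")
        except PathEscape as exc:
            print("rejected:", exc)
```

The check compares canonical paths rather than searching the input for `..`, so encoded, backslash-separated and symlink-based escapes are rejected by the same comparison.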

The vulnerability received a high score on the Common Vulnerability Scoring System and, if exploited, would allow an authenticated remote attacker to perform directory traversal attacks and access confidential files on the target system, according to a security notice issued by the company this August 28th.

Once in the main directory, a hacker can access the confidential information stored on the network, or create their own files and insert them into the system. However, to perform this action, the hacker would need valid credentials. According to experts from a cyber security organization, there is no evidence to suggest that the vulnerability has been exploited yet.

Versions of the Cisco Data Center Network Manager software prior to 11.0 are affected by the vulnerability, and there are currently no solutions to address it. Cyber security specialists from the International Institute of Cyber Security recommend that affected users update their systems as soon as the company issues the corresponding security patches.