Cisco releases patches for its Data Center Network Manager software fixing critical vulnerabilities. Two of the bugs have a close-to-maximum severity score of 9.8 out of 10. They allow a remote attacker to upload files and execute actions with root privileges. The vulnerabilities are in DCNM’s web-management console and can be exploited remotely by a potential adversary without the need to authenticate. The company credits independent researcher Pedro Ribeiro for discovering the glitches and reporting them through Accenture’s iDefense Vulnerability Contributor Program.
Source: https://www.bleepingcomputer.com/news/security/cisco-patches-critical-flaws-in-data-center-network-manager/