Cisco Patches DCNM Vulnerabilities

Friday, June 9, 2017 @ 03:06 PM gHale

Cisco patched two critical vulnerabilities in its Prime Data Center Network Manager (DCNM) that an attacker could leverage for remote code execution and to access the product’s administrative console.

One of the flaws, CVE-2017-6639, stems from a lack of authentication and authorization for a debugging tool inadvertently left enabled.

A remote, unauthenticated attacker can leverage the vulnerability to access sensitive information or execute arbitrary code with root privileges by connecting to the debugging tool via TCP.

The vulnerability affects Cisco Prime DCNM releases 10.1(1) and 10.1(2) for Windows, Linux and virtual appliances.

The second Prime DCNM hole, CVE-2017-6640, involves a default user account protected by a static password. An attacker who can remotely connect to the affected system can use this account to gain privileged access to the server’s administration interface.

The networking giant said this flaw only affects Prime DCNM running software version 10.2(1) for Windows, Linux and virtual appliances.

The DCNM vulnerabilities were reported to Cisco by Antonius Mulder of Commonwealth Bank of Australia. As of now, there is no evidence that they have been exploited.

The vulnerabilities were patched with the release of version 10.2(1). No workarounds are available.

Cisco also published an advisory for a high-severity local privilege escalation vulnerability affecting AnyConnect Secure Mobility Client for Windows versions prior to 4.4.02034.

The vulnerability, reported by Felix Wilhelm of ERNW, allows a local attacker to install and execute a file with SYSTEM privileges.



Copyright © 2019 isssource.com