cisco-sa-dcnm-api-path-TpTApx2p: Cisco Data Center Network Manager REST API Vulnerabilities
First published: Wed Jan 20 2021(Updated: )
Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-api-path-TpTApx2p
Credit: These vulnerabilities were found during internal security testing.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Prime Data Center Network Manager (DCNM) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Child vulnerabilities
(Contains the following vulnerabilities)
Frequently Asked Questions
What is the severity of cisco-sa-dcnm-api-path-TpTApx2p?
The severity of cisco-sa-dcnm-api-path-TpTApx2p is high due to the potential for authenticated remote attack leading to data manipulation.
How do I fix cisco-sa-dcnm-api-path-TpTApx2p?
To fix cisco-sa-dcnm-api-path-TpTApx2p, update to the latest version of Cisco Data Center Network Manager as recommended by Cisco.
Who is affected by cisco-sa-dcnm-api-path-TpTApx2p?
Cisco Data Center Network Manager (DCNM) users are affected by cisco-sa-dcnm-api-path-TpTApx2p if they are running vulnerable versions.
What type of attack does cisco-sa-dcnm-api-path-TpTApx2p facilitate?
cisco-sa-dcnm-api-path-TpTApx2p facilitates attacks that allow an authenticated user to view, modify, and delete data without proper authorization.
Is authentication required for exploiting cisco-sa-dcnm-api-path-TpTApx2p?
Yes, exploitation of cisco-sa-dcnm-api-path-TpTApx2p requires authentication as it involves an authenticated attack vector.
- agent/type
- agent/event
- agent/last-modified-date
- agent/first-publish-date
- collector/cisco-advisory
- source/Cisco
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/title
- agent/description
- agent/source
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco prime data center network manager (dcnm)