IBM Security Bulletin: IBM Cisco MDS Series Switches DCNM is affected by unauthenticated, remote attacker vulnerability (CVE-2017-6639, CVE-2017-6640).

IBM Cisco MDS Series Switches has addressed the following vulnerabilities.

A vulnerability in Cisco Data Center Network Manager (DCNM) Software could allow an unauthenticated, remote attacker to log in to the administrative console of a DCNM server by using an account that has a default, static password. The account could be granted root- or system-level privileges.

A vulnerability in the role-based access control (RBAC) functionality of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to access sensitive information or execute arbitrary code with root privileges on an affected system.

CVE(s): CVE-2017-6639, CVE-2017-6640

Affected product(s) and affected version(s):

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2vCd8Q1
X-Force Database: http://ift.tt/2uCBRqm
X-Force Database: http://ift.tt/2vCrW14

The post IBM Security Bulletin: IBM Cisco MDS Series Switches DCNM is affected by unauthenticated, remote attacker vulnerability (CVE-2017-6639, CVE-2017-6640). appeared first on IBM PSIRT Blog.

| Affected IBM Cisco DCNM Software | Affected Versions |
| --- | --- |
| DCNM | 10.1(1) |
| DCNM | 10.1(2) |


from IBM Product Security Incident Response Team http://ift.tt/2uCE0Cv