Last Updated: 2013-09-18 17:27:21 UTC
by Rob VandenBrink (Version: 1)
We continue to see web applications deployed to manage datacenter functions. And I'm sorry to say, we continue to see security issues in these applications - some of them so simple a quick run-through with Burp or ZAP would red-flag them.
On that theme, today Cisco posted updates to DCNM (Cisco Prime Data Center Network Manager). The issues resolved are not as simple as the ones I describe above (it takes more than a simple scan to detect or exploit them), but they do involve remote command execution and authentication bypass - two things most folks should have problems with in a Data Center Network Manager.
The advisory is here ==> http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130918-dcnm
As per usual, a valid service contract is required to obtain the update. My clients do have Cisco contracts, but I'm not sure how thrilled I am that you need to pay maintenance to fix security issues so fundamental.