Cisco Patches Critical Flaws In Network Manager Cybers Guards

The update covers four security bugs, two of which carry a near-maximum severity score of 9.8 out of 10. All vulnerabilities are in the DCNM web management console and can be exploited remotely without authentication by a potential adversary. DCNM is Cisco's solution for maintaining visibility and automating the management of network equipment in data centers, for example Nexus Series switches.

Critical flaws lead to elevated privileges

CVE-2019-1620 is one of the critical issues to track. It is exploitable in DCNM versions before release 11.2(1) and could also be used by a threat actor to upload arbitrary files on the affected system. Incorrect permission settings in the web-based network management platform allow files to be written and code to be executed with root privileges on the filesystem. "An attacker can create arbitrary data on the underlying DCNM filesystem by sending specially crafted data to a web service on affected devices," says Cisco's advisory. The affected web servlet supported unauthenticated access in versions starting with 11.1(1).

The second critical vulnerability has been identified as CVE-2019-1619, which a potential adversary could use to bypass authentication and gain administrative privileges in releases before 11.1(1). A session cookie can be obtained by sending a specially crafted HTTP request to a particular web servlet.

Less severe, no less important

Another bug, with a high severity score of 7.5, that could be used to do sufficient damage is CVE-2019-1621. The cause is incorrect permission settings on the DCNM 11.2(1) and other web-based interface. "An attacker could use a specific web servlet that is available on affected DCNM devices to download arbitrary files from the underlying filesystem" by requesting particular URLs, Cisco informs today. It notes, however, that the attacker cannot leverage the bug in DCNM 11.0(1) and earlier without authentication.

The least severe vulnerability Cisco patched today in DCNM is CVE-2019-1622, a medium-risk information disclosure that allows potential adversaries to download log data and diagnostic information from an affected device.

Cisco credits Pedro Ribeiro, an independent researcher, with discovering and reporting the flaws through Accenture's iDefense Vulnerability Contributor Program.
