Cisco has released three security advisories to address multiple vulnerabilities affecting various components of Cisco Prime Data Center Network Manager (DCNM). These vulnerabilities may allow an unauthenticated, remote attacker to disclose file components and access text files on an affected device. These vulnerabilities can be exploited independently on the same device; however, a release that is affected by one of the vulnerabilities may not be affected by the others.
Cisco has released software updates to address the following vulnerabilities:
- Cisco Prime DCNM Information Disclosure Vulnerability
- Cisco Prime DCNM Remote Command Execution Vulnerabilities
- Cisco Prime DCNM XML External Entity Injection Vulnerability
US-CERT encourages users and administrators to review the following Cisco Security Advisory and apply any necessary updates to help mitigate the risk.