Cisco Data Center Network Manager JBoss EAP Unauthorized Access Vulnerability

A vulnerability in the application environment of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to gain unauthorized access to the JBoss Enterprise Application Platform (JBoss EAP) on an affected device.

The vulnerability is due to an incorrect configuration of the authentication settings on the JBoss EAP. An attacker could exploit this vulnerability by authenticating with a specific low-privilege account. A successful exploit could allow the attacker to gain unauthorized access to the JBoss EAP, which should be limited to internal system accounts.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-unauth-access

Security Impact Rating: Medium

CVE: CVE-2019-15999


Autoupgrade 12.1.7004.6500 to 14.2.1031.0100

I need a solution

Doing some initial testing on using autoupgrade to update some clients.

Added a package with 14.2.1031.0100 to the Client Group and moved a 12.1.7004.6500 client in.

Updated the policy on the client which worked.

Client has Deployment status of “Cannot deploy. Client version is the same or later than the specified package.”

But under that, the Deployment Target version and the Deployment running version are both 12.1.

Not really sure what to try next so looking for some suggestions.
