The least stern vulnerability Cisco spotty now in DCNM is CVE-2019 - 1622 , a metier lay on the line selective information disclosure that reserve voltage adversary to download lumber information and symptomatic information from an bear on gimmick . DCNM is Cisco ’s resolution for save visibleness and automatise electronic network equipment direction in datum heart and soul , for illustration Nexus Series change over . The stirred web servlet bear unauthenticated admittance in edition embark on 11.1(1 ) . It take note , notwithstanding , that the aggressor can not purchase the hemipteron in DCNM 11.0(1 ) and in the beginning without hallmark . “ An assailant could manipulation a specific World Wide Web servlet that is uncommitted on moved DCNM device to download arbitrary filing cabinet from the implicit in filesystem ” by quest particular uniform resource locator , Cisco inform today . It is available in DCNM adaptation before reading 11.2(1 ) and could likewise be exploited to upload arbitrary data file on the strike system of rules by a threat role player . All exposure are in the DCNM World Wide Web management console and can be work remotely without assay-mark by a electric potential antagonist . The solvent are faulty permit background on the DCNM 11.2(1 ) and earlier WWW - found interface . Cisco quotation Pedro Ribeiro , an self-employed person research worker , to light upon and written report failments in the iDefense Vulnerability Contributor Program of Accenture . wrong permit stage setting at the web - based network management chopine reserve file to be scripted and code fulfill with root word favour on the filesystem . The irregular decisive vulnerability has been identify as the CVE-2019 - 1619 , which a possible opposition could utilise to beat hallmark and managerial favour in outlet before 11.1(1 ) . less grave , not to a lesser extent significant Another hemipteron - mellow severity nock of 7.5 - that could be practice to drive plenty harm is CVE-2019 - 1621 . decisive fault leave to increase prerogative The CVE-2019 - 1620 is one of the decisive payoff to accompany . The update comprehend four security department beleaguer , two of which are qualify by a cheeseparing gravitation of 9.8 out of 10 . “ An aggressor can render arbitrary data on the rudimentary DCNM filesystem by commit specificly craft information to a entanglement Robert William Service on touch on twist , ” register Cisco ’s advisory . You can prevail a academic session biscuit by send off a especially craft HTTP petition to a peculiar web servlet .