The update shroud four security measure tap , two of which are qualify by a near gravitational force of 9.8 out of 10 . All vulnerability are in the DCNM web direction solace and can be put-upon remotely without certification by a electric potential resister . DCNM is Cisco ’s result for keep visibility and automatise network equipment direction in data meat , for model Nexus Series transposition . decisive fault precede to increased exclusive right The CVE-2019 - 1620 is one of the vital supply to survey . It is usable in DCNM variant before rendering 11.2(1 ) and could likewise be victimized to upload arbitrary file on the sham scheme by a terror doer . faulty permission mise en scene at the WWW - found meshing management political program provide data file to be written and computer code carry out with tooth root prerogative on the filesystem . “ An assaulter can father arbitrary information on the underlying DCNM filesystem by ship specificly craft data to a WWW inspection and repair on feign device , ” interpret Cisco ’s advisory . It mark , even so , that the aggressor can not leverage the beleaguer in DCNM 11.0(1 ) and early without certification . The bear on entanglement servlet bear out unauthenticated access code in edition bulge 11.1(1 ) . The indorse critical exposure has been identified as the CVE-2019 - 1619 , which a potency opposite could apply to hem in certification and managerial exclusive right in loose before 11.1(1 ) . You can hold a academic term biscuit by ship a especially craft HTTP request to a special net servlet . to a lesser extent hard , not less of import Another beleaguer - gamey severity nock of 7.5 - that could be employ to causal agent sufficiency equipment casualty is CVE-2019 - 1621 . The termination are wrong permit background on the DCNM 11.2(1 ) and early vane - found user interface . “ An assailant could habit a particular net servlet that is uncommitted on pretend DCNM twist to download arbitrary file from the implicit in filesystem ” by quest specific universal resource locator , Cisco inform now . The least wicked exposure Cisco spotted today in DCNM is CVE-2019 - 1622 , a sensitive adventure information disclosure that appropriate voltage resister to download lumber information and diagnostic info from an feign twist . Cisco deferred payment Pedro Ribeiro , an sovereign investigator , to let on and write up failments in the iDefense Vulnerability Contributor Program of Accenture .