A stack of vulnerabilities was found in Cisco's Data Center Network Manager product, and Cisco recently announced that it has issued six new security advisories to deal with them. The issues were reported by Steven Seeley, a security researcher. The flaws were quite serious and included problems such as static encryption keys used in network infrastructure products. Three of the underlying flaws have the potential to allow a remote attacker to take over admin rights, and one can also take control of the affected device. Seeley listed 120 examples of flaws on his Source Incite blog. The flaws were then shared with Trend Micro's Zero Day Initiative bug bounty program. This gave Cisco another chance to fix all the issues. The patching was urgent and was delivered through Cisco's software updates.
Seeley stated that the flaws were dangerous and could be easily exploited. He found the bug during his audit work and immediately shared it through the bug bounty program. Identifying the bug took Seeley almost a month of auditing, runtime debugging, and working with the source code. According to Seeley, the exploitation was trivial. The flaws are now labeled differently in the patch notes, but the three vulnerabilities were promptly addressed by Cisco.