Menu
Cisco issues critical security warnings for its Data Center Network Manager

Cisco issues critical security warnings for its Data Center Network Manager

Cisco warns of vulnerabilities that can let attackers issue arbitrary actions with administrative permissions.

Credit: Cisco

Cisco has issued software to address multiple critical authentication exposures in its Data Center Network Manager (DCNM) software for its Nexus data center switches.

DCNM is a central management dashboard for data-center fabrics based on Cisco Nexus switches and handles a number of core duties such as automation, configuration control, flow policy management and real-time health details for fabric, devices, and network topology.

Cisco said that there were three exposures, which it rated as a 9.8 out of 10 on the Common Vulnerability Scoring System, in the DCNM authentication mechanisms that could let a remote attacker bypass authentication and execute arbitrary actions with administrative privileges on vulnerable devices.

Cisco said that the vulnerabilities are independent of each other so exploitation of one is not required to exploit another. In addition, a software release that is affected by one of the vulnerabilities may not be affected by the others, the company said.

The critical weaknesses include:

REST API authentication bypass vulnerability: A vulnerability in the REST API endpoint of Cisco DCNM could allow a remote attacker to bypass authentication. “The vulnerability exists because a static encryption key is shared between installations. An attacker could exploit this vulnerability by using the static key to craft a valid session token. A successful exploit could allow the attacker to perform arbitrary actions through the REST API with administrative privileges,” Cisco stated.  

SOAP API authentication bypass vulnerability: A weakness in the SOAP API endpoint of Cisco DCNM could let an unauthenticated, remote attacker to bypass authentication on an affected device. Like the REST vulnerability, this problem exists because a static encryption key is shared between installations. Exploits could allow arbitrary actions through the SOAP API with administrative privileges.

Authentication-bypass vulnerability: A weakness in the web-based management interface of Cisco DCNM could also let remote attackers bypass authentication on an affected device. Again, the vulnerability is due to the presence of static credentials that and an attacker could exploit by using them to authenticate against the user interface, Cisco stated. “A successful exploit could allow the attacker to access a specific section of the web interface and obtain certain confidential information from an affected device. This information could be used to conduct further attacks against the system,” Cisco stated. 

There are no workarounds that address these vulnerabilities but Cisco has released a DCNM software version that address the problems, the company stated. Cisco said it is not aware of any public announcements about or malicious use of the DCNM vulnerabilities.

Less severe vulnerabilities

There were numerous additional DCNM vulnerabilities involving the REST and SOAP APIs  with “high” to “medium” threat ratings including:

REST API SQL-injection vulnerability: A vulnerability in the REST API of Cisco DCNM could let an authenticated, remote attacker with administrative privileges execute arbitrary SQL commands on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the API and an attacker could exploit this vulnerability by sending a crafted request to the API, Cisco wrote. A successful exploit could let an attacker view information that they are not authorized to view, make changes to the system that they are not authorized to make, or execute commands within the underlying operating system that may affect the availability of the system.

REST API path-traversal vulnerability: A vulnerability in the REST API of Cisco DCNM could allow an authenticated, remote attacker with administrative privileges to conduct directory-traversal attacks on an affected device. An attacker could exploit this vulnerability by sending a crafted request to the API, which could allow the attacker to read, write, or execute arbitrary files in the system with full administrative privileges. The exposure is due to insufficient validation of user-supplied input to the API, Cisco wrote.

REST API command-injection vulnerability: A weakness in the REST API of Cisco DCNM could allow an authenticated, remote attacker with administrative privileges on the DCNM application to inject arbitrary commands on the underlying OS. An attacker could exploit this vulnerability by sending a crafted request to the API and could let an attacker execute arbitrary commands on the device with full administrative privileges. The vulnerability is due to insufficient validation of user-supplied input to the API, Cisco stated.

SOAP API SQL-injection vulnerability: A weakness in the SOAP API of Cisco DCNM could allow an authenticated, remote attacker with administrative privileges to execute arbitrary SQL commands on an affected device. A successful exploit could allow the attacker to view information that they are not authorized to view, make changes to the system that they are not authorized to make, or execute commands within the underlying operating system that may affect the availability of the device. The problem is due to insufficient validation of user-supplied input to the API, Cisco wrote.

SOAP API path-traversal vulnerability: A vulnerability in the SOAP API of DCNM could allow an authenticated, remote attacker with administrative privileges to conduct directory-traversal attacks on an affected device. A successful exploit could allow the attacker to read, write, or execute arbitrary files in the system with full administrative privileges. Cisco said the vulnerability is due to insufficient validation of user-supplied input to the API.

SOAP API command injection vulnerability: A vulnerability in the SOAP API of DCNM could let an authenticated, remote attacker with administrative privileges on the DCNM application inject arbitrary commands on the underlying OS. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could let an attacker execute arbitrary commands on the device with full administrative privileges. Cisco said the vulnerability is due to insufficient validation of user-supplied input to the API.

Path-traversal vulnerability: A vulnerability in the Application Framework feature of DCNM could allow an authenticated, remote attacker with administrative privileges to conduct directory traversal attacks on an affected device. An attacker could exploit this vulnerability by sending a crafted request to the application. A successful exploit could allow the attacker to read, write, or execute arbitrary files in the system with full administrative privileges. The vulnerability is due to insufficient validation of user-supplied input to the Application Framework endpoint, Cisco stated.

Cisco has released software updates that address the vulnerabilities.

Cisco said it fixed all of the vulnerabilities in Cisco DCNM Software releases 11.3.1 and later.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags ciscosecurity

Featured

Slideshows

Reseller News Platinum Club celebrates leading partners in 2019

Reseller News Platinum Club celebrates leading partners in 2019

The leading players of the New Zealand channel came together to celebrate a year of achievement at the annual Reseller News Platinum Club lunch in Auckland. Following the Reseller News Innovation Awards, Platinum Club provides a platform to showcase the top performing partners and start-ups of the past 12 months.

Reseller News Platinum Club celebrates leading partners in 2019
Reseller News hosts alumnae breakfast for Women in ICT Awards

Reseller News hosts alumnae breakfast for Women in ICT Awards

Reseller News hosted its second annual alumnae breakfast for the Women in ICT Awards in New Zealand, designed to showcase the leading female leaders in the industry. Held at The Cordis in Auckland, attendees came together to hear inspiring keynotes and panel discussions, alongside high-level networking among peers. Photos by Gino Demeer.

Reseller News hosts alumnae breakfast for Women in ICT Awards
Reseller News Innovation Awards 2019: meet the winners

Reseller News Innovation Awards 2019: meet the winners

Reseller News honoured the standout players of the New Zealand channel in front of more than 480 technology leaders in Auckland on 23 October, recognising the achievements of top partners, emerging entrants and innovative start-ups.

Reseller News Innovation Awards 2019: meet the winners
Show Comments