Cisco recently issued patches for numerous security bugs in the Data Center Network Manager. These include multiple medium and high-severity vulnerabilities and a critical-severity flaw.
Critical Vulnerability In Cisco DCNM
According to Cisco’s advisory, a critical authorization bypass vulnerability existed in the Data Center Network Manager (DCNM). This vulnerability, CVE-2020-3382, achieved a CVSS score of 9.8.
Briefly, the bug affected the REST API and appeared because of a shared static encryption key among different installations. Hence, an unauthenticated remote attacker could exploit this shared key to craft valid session tokens.
Consequently, exploiting the bug could allow the attacker to execute arbitrary commands with admin privileges on the target system.
The bug affected all Cisco DCNM software releases 11.0(1), 11.1(1), 11.2(1), and 11.3(1), and deployment modes installed via .iso or .ova installers.
Eventually, Cisco patched the flaw with the release of DCNM software releases 11.4(1) and later.
Other Data Center Network Manager Bugs
Besides the critical flaw, Cisco also patched numerous other vulnerabilities affecting the Data Center Network Manager. These include five different high-severity vulnerabilities and three medium severity flaws.
The high severity bugs include two command injection flaws (CVE-2020-3377 and CVE-2020-3384), a path traversal vulnerability (CVE-2020-3383), an improper authorization vulnerability (CVE-2020-3386), and an authentication bypass vulnerability (CVE-2020-3376).
Whereas, the medium severity bugs include an information disclosure vulnerability (CVE-2020-3461), an SQL injection flaw (CVE-2020-3462), and a cross-site scripting (XSS) vulnerability (CVE-2020-3460).
Cisco also patched all these vulnerabilities with the release of DCNM 11.4(1) and later.
Critical Cisco SD-WAN vManage Software Flaw
Along with Cisco DCNM, the vendors also addressed a critical vulnerability, CVE-2020-3374, affecting the SD-WAN vManage Software. As stated in their advisory, this vulnerability (CVSS 9.9) could also allow a remote attacker to evade authorization and access data with elevated privileges.
Cisco patched this vulnerability with the release of SD-WAN vManage Software releases 18.4.5, 19.2.2, and 20.1.1
Users of the respective products must ensure patching their systems with fixed releases to stay safe.
Let us know your thoughts in the comments.