Cisco patches critical vulnerabilities in Data Center Network Manager

Written by Thu 27 Jun 2019

Critical flaws found in Cisco’s network management software for data centres

A security researcher has found critical vulnerabilities in Cisco’s Data Center Network Manager (DCNM) software that, if exploited, could allow attackers to upload files and execute code with root privileges.

Four bugs were found in total, all in DCNM’s web console. Two were given a severity score of 9.8/10; the other two received scores of 7.5 and 5.3.

DCNM allows operators to track and automate the management of networking equipment in data centres.

The first severe vulnerability, CVE-2019-1620, could allow unauthenticated remote attackers to upload files to networking devices via DCNM’s web console.

Due to incorrect permission settings in DCNM, the attacker could write arbitrary files on the file system and execute code with root privileges, by sending specially crafted data to a specific web servlet accessible on affected devices.

Cisco removed the web servlet in question from DCNM version 11.2(1), so users running earlier versions should update now.

The second critical flaw could also allow an unauthenticated remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on affected gear.

Unlike the first flaw, which stems from incorrect permission settings, this vulnerability is due to improper session management in DCNM software.

“An attacker may obtain a valid session cookie without knowing the administrative user password by sending a specially crafted HTTP request to a specific web servlet that is available on affected devices,” reads the advisory.

The vulnerability affects DCNM versions earlier than 11.1(1) and has been patched in a software update.

The third vulnerability, rated 7.5 out of 10, could allow an unauthenticated, remote attacker to gain access to sensitive files on an affected device. Like the first vulnerability, it is caused by incorrect permission settings in DCNM software.

An attacker could exploit this vulnerability by connecting to the web-based console of an affected device and requesting specific URLs. If they used a specific web servlet on affected DCNM devices, they could download any files from the underlying filesystem, Cisco said.

The company said it has removed the servlet in question from DCNM software version 11.2(1).

The final vulnerability has a medium severity score of 5.3 and could also allow attackers to retrieve data from an affected device. It is caused by improper access controls for certain URLs on affected DCNM software.

“An attacker could exploit this vulnerability by connecting to the web-based management interface of an affected device and requesting specific URLs.

“A successful exploit could allow the attacker to download log files and diagnostic information from the affected device,” reads the advisory.
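For operators triaging a DCNM estate against the fixed releases named above, the following is an added example and not code from Cisco or the advisory. It assumes that any release earlier than a stated fixed release is exposed, leaves out the fourth flaw because no fixed release is given for it, and uses constructed hostnames and an inventory format that are purely illustrative.

```python
import re

# Fixed releases as stated in the article. Assumption: anything earlier is exposed.
FIXED_IN = {
    "file upload and root code execution (CVE-2019-1620)": "11.2(1)",
    "authentication bypass via session management": "11.1(1)",
    "arbitrary file download": "11.2(1)",
}

# Accepts 'major.minor(maintenance)' plus the spacing variants seen in
# write-ups, such as '11.2 (1)' or '11.2.(1)'.
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.?\s*\(\s*(\d+)\s*\)\s*$")


def parse_version(text):
    """Turn a DCNM release string into a tuple that compares numerically."""
    match = _VERSION_RE.match(text)
    if not match:
        raise ValueError(f"unrecognised DCNM version string: {text!r}")
    return tuple(int(part) for part in match.groups())


def exposed_flaws(version):
    """Return the flaws whose fixed release is newer than `version`."""
    current = parse_version(version)
    return sorted(name for name, fixed in FIXED_IN.items()
                  if current < parse_version(fixed))


def triage(inventory):
    """Map hostname -> exposed flaws. Unparseable versions map to None so
    they are checked by hand instead of being silently treated as patched."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = exposed_flaws(version)
        except ValueError:
            report[host] = None
    return report


# Constructed inventory: hostnames and versions are made up for illustration.
SAMPLE_INVENTORY = {
    "dcnm-lab-a": "10.4(2)",
    "dcnm-lab-b": "11.1(1)",
    "dcnm-lab-c": "11.2 (1)",
    "dcnm-lab-d": "unknown",
}

if __name__ == "__main__":
    for host, flaws in triage(SAMPLE_INVENTORY).items():
        print(host, "CHECK MANUALLY" if flaws is None else flaws or "patched")
```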

All four bugs were discovered by security researcher Pedro Ribeiro, who reported them to iDefense’s Vulnerability Contributor Program.

Last week Cisco released critical security alerts for its DNA Center and SD-WAN software.
