Cisco today released patches for its DCNM software to correct critical vulnerabilities that allow remote attackers to upload files and perform actions with root privileges.
The updates cover four security bugs, two of which have a near-maximum severity score of 9.8 out of 10.
All vulnerabilities are in the DCNM web management console and can be exploited remotely without authentication by a potential adversary.
DCNM is Cisco’s solution for maintaining visibility into network equipment in data centers, such as Nexus Series switches, and automating its management.
Critical flaws lead to increased privileges
One of the critical issues is tracked as CVE-2019-1620. It is present in DCNM versions before 11.2(1) and could be used by a threat actor to upload arbitrary files to the affected system.
Incorrect permission settings in the web-based network management platform allow files to be written to the filesystem and code to be executed with root privileges.
“An attacker can generate arbitrary data on the underlying DCNM filesystem by sending specifically crafted data to a web service on affected devices,” reads Cisco’s advisory.
It notes, however, that the attacker cannot leverage the bug in DCNM 11.0(1) and earlier without authentication. The affected web servlet supports unauthenticated access in versions starting with 11.1(1).
The second critical vulnerability is tracked as CVE-2019-1619. A potential adversary could use it to bypass authentication and act with administrative privileges in releases before 11.1(1). The attacker can obtain a session cookie by sending a specially crafted HTTP request to a particular web servlet.
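The release boundaries above decide both whether an installation is exposed to the two critical flaws and whether CVE-2019-1620 needs a login. The following triage helper is an added example, not Cisco's code; the function names, the `major.minor(maintenance)` release format and the sample inventory are assumptions, and releases the article does not classify are treated as the worse, unauthenticated case.

```python
import re

# Release boundaries as reported in the article above.
FIXED_1620 = (11, 2, 1)      # CVE-2019-1620: releases before 11.2(1)
AUTH_ONLY_1620 = (11, 0, 1)  # 11.0(1) and earlier: authentication needed
FIXED_1619 = (11, 1, 1)      # CVE-2019-1619: releases before 11.1(1)

# Assumption: releases are written major.minor(maintenance), e.g. "11.1(1)".
_RELEASE = re.compile(r"^\s*(\d+)\.(\d+)\((\d+)\)\s*$")


def parse_release(text):
    """Turn '11.1(1)' into (11, 1, 1) so releases compare numerically."""
    match = _RELEASE.match(text)
    if match is None:
        raise ValueError(f"unrecognised DCNM release string: {text!r}")
    return tuple(int(part) for part in match.groups())


def critical_exposure(release):
    """Return (CVE, access needed) pairs that apply to a release."""
    version = parse_release(release)
    findings = []
    if version < FIXED_1620:
        # Releases the article does not classify fall into the worse case.
        access = "unauthenticated" if version > AUTH_ONLY_1620 else "authenticated"
        findings.append(("CVE-2019-1620", access))
    if version < FIXED_1619:
        findings.append(("CVE-2019-1619", "unauthenticated"))
    return findings


def triage(inventory):
    """Map each host to its findings, most exposed hosts first."""
    rows = [(host, rel, critical_exposure(rel)) for host, rel in inventory.items()]

    def score(row):
        return sum(2 if access == "unauthenticated" else 1 for _, access in row[2])

    return sorted(rows, key=score, reverse=True)


# Constructed inventory: hostnames and releases are made up for the example.
SAMPLE_INVENTORY = {"dcnm-lab": "11.2(1)", "dcnm-dc1": "11.1(1)", "dcnm-dc2": "10.4(2)"}

if __name__ == "__main__":
    for host, release, findings in triage(SAMPLE_INVENTORY):
        print(host, release, findings or "no critical finding")
```

Parsing the release into integers matters because plain string comparison would sort a release such as `11.10(1)` before `11.2(1)`.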
Less severe, not less important
Another bug that could be used to cause considerable damage is CVE-2019-1621, which has a high severity score of 7.5. It results from incorrect permission settings in the web-based interface of DCNM 11.2(1) and earlier.
“An attacker could use a specific web servlet that is available on affected DCNM devices to download arbitrary files from the underlying filesystem” by requesting specific URLs, Cisco said today.
The least severe vulnerability Cisco patched today in DCNM is CVE-2019-1622, a medium-risk information disclosure flaw that allows potential adversaries to download log data and diagnostic information from an affected device.
Cisco credits Pedro Ribeiro, an independent researcher, with discovering the flaws and reporting them through Accenture’s iDefense Vulnerability Contributor Program.