Sunday, January 05, 2020

Cisco Patches More ‘Critical’ DCNM Flaws

Cisco late last week rolled out a handful of “critical” security updates targeting its Data Center Network Manager (DCNM), which has a history of security flaws. Cisco late last week rolled out a handful of “critical” security updates targeting its Data Center Network Manager (DCNM), which has a history of security flaws. The latest updates are for DCNM software releases earlier than Release 11.3(1) for Microsoft Windows, Linux, and virtual appliance platforms. The vulnerabilities are in the authentication mechanism of Cisco’s DCNM that could allow an unauthenticated, remote attacker to bypass authentication and execute actions or privileges on a device. Specific systems impacted include the REST API endpoint (CVE-2019-15975), the SOAP API endpoint (CVE-2019-15976), and the web-based management interface (CVE-2019-15977). The vulnerabilities were initially discovered by Steven Seeley of Source Incite, who was working with Trend Micro’s Zero Day Initiative. Cisco has released software updates for all three vulnerabilities. Cisco’s DCNM is the network management platform for all of its network operating system-enabled deployments including Cisco Nexus switches. the DCNM platform has also been home to previous vulnerabilities. Cisco last year patched a handful of DCNM security flaws that could have also allowed attackers to gain remote access to affected devices. Two of the bugs were deemed “critical” and found in the DCNM software web-based management interface. The other two were considered lower priority. Those patches followed on the heels of the “Thrangycat” attack that hit Cisco switches, routers, and firewalls. The attack could allow hackers to remotely attack corporate networks, steal data, and attack other devices connected to the networks, according to Red Balloon Security, which discovered the flaw. Cisco’s Talos researchers late last month also warned about an increase in exploitation attempts against its Cisco Adaptive Security Appliance (ASA) and Firepower Appliance. It was tied to a vulnerability initially discovered in 2018, and given a “critical” rating.

Archive