Cisco has issued a number of critical security advisories for its data centre manager and SD-WAN offering customers should deal with now.
On the data centre side, the most critical – with a threat score of 9.8 out of 10 – involves a vulnerability in the REST API of Cisco Data Centre Network Manager (DCNM) could let an unauthenticated, remote attacker bypass authentication and execute arbitrary actions with administrative privileges on an affected device.
Cisco DCNM lets customers see and control network connectivity through a single web-based management console for the company’s Nexus, Multilayer Director Switch, and Unified Computing System products.
“The vulnerability exists because different installations share a static encryption key. An attacker could exploit this vulnerability by using the static key to craft a valid session token. A successful exploit could allow the attacker to perform arbitrary actions through the REST API with administrative privileges,” Cisco stated.
According to Cisco, this vulnerability affects all deployment modes of all Cisco DCNM appliances that were installed using .ova or .iso installers and Cisco DCNM software releases 11.0, 11.1, 11.2, and 11.3.
The vendor issued eight other security warnings in the DCNM package, one of the worst being a 8.2-rated high vulnerability in REST API endpoints of DCNM could let an authenticated, remote attacker inject arbitrary commands on the underlying operating system with the privileges of the logged-in user.
The vulnerability is due to insufficient validation of user-supplied input to the API. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to inject arbitrary commands on the underlying operating system, Cisco said. Other high-rated REST API security holes in DCNM were revealed as well.
As for the SD-WAN warnings, Cisco deemed two of them critical. The first, with a security-threat rating of 9.9, describes a weakness in the web-based management interface of Cisco SD-WAN vManage Software that could let an authenticated, remote attacker bypass authorisation, enabling them to access sensitive information, modify the system configuration, or impact the availability of the affected system.
The vulnerability is due to insufficient authorisation checking on the affected system. An attacker could exploit this weakness by sending crafted HTTP requests to the web-based management interface of an affected system, Cisco stated.
A successful exploit could allow the attacker to gain privileges beyond what would normally be authorised for the configured user-authorisation level. The attacker may be able to access sensitive information, modify the system configuration, or affect system availability, Cisco stated.
The second critical warning, with a security threat rating of 9.8, is a vulnerability in Cisco SD-WAN Solution Software that could let an unauthenticated, remote attacker cause a buffer overflow on an affected device.
The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted traffic to an affected device.
A successful exploit could allow the attacker to gain access to information that they are not authorised to access, make changes to the system that they are not authorised to make, and execute commands on an affected system with privileges of the root user, Cisco said.
Vulnerable products include: IOS XE SD-WAN Software, SD-WAN vBond Orchestrator Software, SD-WAN vEdge Cloud Routers, SD-WAN vEdge Routers, SD-WAN vManage Software, and SD-WAN vSmart Controller Software.
Cisco said there were no workarounds that address these vulnerabilities and that it had released software updates that address all of the weaknesses.