Cisco has released emergency patches to fix two critical vulnerabilities affecting its Data Center Network Manager (DCNM), just a week after the company warned customers to patch its network management products.
The vulnerabilities could allow a remote attacker to take control of Nexus converged data center systems. Cisco has said that it has not spotted any active exploits of this flaw.
The DCNM is used to automate provisioning, troubleshooting, and spotting configuration errors for all systems that run NX-OS on Cisco’s Nexus data center hardware.
These two vulnerabilities labelled CVE-2019-1619 and CVE-2019-1620, have been patched and there are no workarounds to get past these flaws.
Both patched vulnerabilities registered at 9.8 out of 10 on Cisco’s Common Vulnerability Scoring System, meaning this vulnerability could be critical. Along with these vulnerabilities, two other less severe flaws were also patched.
Cisco said about CVE-2019- 1619: “The vulnerability is due to incorrect permission settings in affected DCNM software. An attacker could exploit this vulnerability by uploading specially crafted data to the affected device. A successful exploit could allow the attacker to write arbitrary files on the filesystem and execute code with root privileges on the affected device
“Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.”
The second flaw, CVE-2019-1620, could allow an attacker to upload malicious files onto the DCNM.
Cisco has said that DCNM users on release 11.2(1) and later should not be affected, but those on 11.1(1) could be vulnerable to attackers gaining unauthorized access to exploit the flaw. In this earlier release attackers need to be authenticated to the DCNM interface to exploit it.
The vulnerabilities that Cisco disclosed last week concerned the Digital Network Architecture (DNA) Center appliance. Cisco had failed to adequately restrict access to ports used to operate the DNA center appliance, which led to a vulnerability that potentially could allow an "adjacent" attacker to bypass authentication and damage critical internal services. The bug was less severe than this week’s vulnerabilities, rated at 9.3 out of 10 on Cisco’s CVSS.