The data center vulnerability (CVE-2020-3382) has scored 9.8 out of 10, making it a highly critical security issue. The issue involves a vulnerability in the REST API of Cisco Data Center Network Manager (DCNM). The vulnerability could enable unauthenticated attackers to bypass authentication and then execute arbitrary actions with admin privileges.
More about Cisco DCNM
Cisco DCNM is a network management platform for all NX-OS-enabled deployments, spanning new fabric architectures, IP Fabric for Media, and storage networking deployments for the Cisco Nexus-powered data center, the official website says.
As for the CVE-2020-3382 vulnerability, according to Cisco’s advisory, “the vulnerability exists because different installations share a static encryption key. An attacker could exploit this vulnerability by using the static key to craft a valid session token. A successful exploit could allow the attacker to perform arbitrary actions through the REST API with administrative privileges.”
The issue resides in the REST API of Cisco Data Center Network Manager (DCNM), and as already mentioned, it could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on affected devices.
It should also be noted that the vulnerability affects all deployment modes of all Cisco DCNM appliances that were installed using .ova or .iso installers. Fortunately, the company has already released free software updates that address the critical flaw.
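The following added example (not from Cisco's advisory or DCNM's code) illustrates why a signing key shared by every installation defeats session-token authentication, and how a key generated per installation contains the problem. The token format, the HMAC construction standing in for the product's key use, and all names are assumptions made for illustration; the key value is a constructed placeholder.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Constructed placeholder: stands in for a key that is identical in every installation.
SHARED_STATIC_KEY = b"constructed-demo-key-same-in-every-install"


class Installation:
    """Hypothetical appliance that issues and verifies signed session tokens."""

    def __init__(self, per_install_key: bool):
        # Hardened form: random key created at first boot, unique to this installation.
        # Weak form: the same static key that every other installation also holds.
        self.key = secrets.token_bytes(32) if per_install_key else SHARED_STATIC_KEY

    def issue(self, user: str, role: str) -> str:
        body = base64.urlsafe_b64encode(json.dumps({"user": user, "role": role}).encode())
        tag = hmac.new(self.key, body, hashlib.sha256).hexdigest()
        return f"{body.decode()}.{tag}"

    def verify(self, token: str):
        """Return the claims if the tag matches this installation's key, else None."""
        body, _, tag = token.partition(".")
        expected = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(tag, expected):
            return None
        return json.loads(base64.urlsafe_b64decode(body))


def accepts_foreign_token(per_install_key: bool) -> bool:
    """Does site B accept an admin token that was minted on unrelated site A?"""
    site_a = Installation(per_install_key)
    site_b = Installation(per_install_key)
    claims = site_b.verify(site_a.issue("someone", "admin"))
    return claims is not None and claims["role"] == "admin"


if __name__ == "__main__":
    print("shared static key:", accepts_foreign_token(False))
    print("per-install key  :", accepts_foreign_token(True))
```

With the shared key, anyone holding one copy of the software holds the key that every other deployment trusts, which is why patching rather than credential rotation is the fix.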
This is not the only vulnerability fixed in Cisco DCNM. Five high-risk bugs were also fixed, which could have allowed authenticated, remote attackers to inject arbitrary commands and write arbitrary files in the system using the privileges of the logged-in user, among other malicious activities. Three medium-risk vulnerabilities were also addressed. They could have allowed XSS (cross-site scripting), SQL injection, and information disclosure attacks.
The company has also addressed several bugs in SD-WAN, which enables users to manage connectivity across their WAN from a single dashboard, the Cisco vManage console.
The vulnerabilities are the following:
CVE-2020-3375: a critical buffer overflow flaw which affects SD-WAN Solution software, and which could have been exploited by sending crafted traffic to affected devices, thus allowing attackers to gain access to sensitive information, among other malicious activities.
CVE-2020-3374: a critical vulnerability which resided in the web-based management interface of Cisco SD-WAN vManage Software. The bug could have been exploited to send crafted HTTP requests, enabling attackers to access sensitive information, modify system configuration, and impact the availability of the said system.