Cisco fixes critical flaws impacting DCNM and SD-WAN
The bugs could allow unauthenticated attackers to steal sensitive information from vulnerable devices
Cisco has released security patches to address multiple critical security vulnerabilities impacting its Data Center Network Manager (DCNM) and SD-WAN software products.
The most notable among these flaws are three critical authentication bypass, authorisation bypass and buffer overflow bugs, which could allow a remote, unauthenticated attacker to steal sensitive information from affected devices.
CVE-2020-3382, which received a CVSS base score of 9.8 out of 10, is an authentication bypass bug in the REST API of Cisco DCNM that could enable a remote attacker to run arbitrary commands on a vulnerable device with administrative rights.
According to Cisco, this flaw arises because a static encryption key is shared between different installations. As a result, an unauthenticated attacker can use the static key to create a valid session token and execute commands on the device.
The flaw impacts all deployment modes of all Cisco DCNM devices installed using .iso or .ova installers, and Cisco DCNM software releases 11.0(1), 11.1(1), 11.2(1), and 11.3(1).
There are no workarounds to address the flaw, according to the company.
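The root cause Cisco describes for CVE-2020-3382, one static key shared by every installation, can be illustrated with the following added example, which is not Cisco's code and not from the advisory. The token layout, the HMAC-SHA256 construction, the class and function names, and the key value are all assumptions constructed for the demonstration; it contrasts a key shipped in the image with a key generated per installation.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for a key baked into an installer image.
# It is NOT a real product key; the page does not disclose one.
STATIC_IMAGE_KEY = b"constructed-demo-key-shipped-in-image"


class Installation:
    """Hypothetical appliance that signs and verifies its session tokens."""

    def __init__(self, name, key):
        self.name = name
        self._key = key

    def _tag(self, user, role):
        msg = f"{user}|{role}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def issue_token(self, user, role):
        return f"{user}|{role}|{self._tag(user, role)}"

    def verify_token(self, token):
        """Return (user, role) if the tag verifies under this key, else None."""
        parts = token.split("|")
        if len(parts) != 3:
            return None  # malformed token
        user, role, tag = parts
        expected = self._tag(user, role).encode()
        # Constant-time comparison on bytes
        return (user, role) if hmac.compare_digest(expected, tag.encode()) else None


def cross_install_acceptance(key_a, key_b):
    """Does a token signed under site A's key verify at unrelated site B?"""
    site_a = Installation("site-a", key_a)
    site_b = Installation("site-b", key_b)
    token = site_a.issue_token("admin", "network-admin")
    return site_b.verify_token(token) is not None


def shared_key_case():
    # Weak design: both sites were installed from the same image and key.
    return cross_install_acceptance(STATIC_IMAGE_KEY, STATIC_IMAGE_KEY)


def per_install_key_case():
    # Hardened design: each site generates its own random key at first boot.
    return cross_install_acceptance(secrets.token_bytes(32), secrets.token_bytes(32))
```

With the shared key, a token minted outside site B still verifies there, so the key in the image is effectively a credential for every deployment; with per-installation keys the same token is rejected.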
Another critical bug fixed by Cisco is a buffer overflow bug impacting SD-WAN Solution software. Filed as CVE-2020-3375, it could enable a remote, unauthenticated attacker to trigger a buffer overflow on the affected device.
This vulnerability exists because of insufficient input validation, and could be exploited by sending specially crafted traffic to the device. Successfully exploiting the bug could enable the attacker to gain unauthorised access to sensitive information, make changes, and run commands with root privileges on the affected system.
The following Cisco products are affected by the vulnerability, if they run a vulnerable release of Cisco SD-WAN Solution software:
- SD-WAN vEdge Routers
- SD-WAN vSmart Controller Software
- SD-WAN vManage Software
- SD-WAN vEdge Cloud Routers
- SD-WAN vBond Orchestrator Software
- IOS XE SD-WAN Software
The third critical vulnerability addressed by Cisco is an authorisation bypass bug impacting SD-WAN vManage Software. Indexed as CVE-2020-3374, this bug received a CVSS base score of 9.9 out of 10. It arises due to insufficient authorisation checking on a vulnerable system and could enable an unauthenticated, remote attacker to bypass authorisation, change the system configuration, access sensitive information, and impact the availability of the system.
Apart from fixing the above-mentioned bugs, Cisco has also released updates to address eight high- and medium-severity flaws in other Cisco DCNM Software releases. The company said it has no reports of these vulnerabilities being exploited in the wild by hackers.
Earlier this month, Cisco had also released security updates to fix 31 vulnerabilities affecting many of its router and firewall products, warning that some of the bugs could be remotely exploited by unauthenticated attackers without requiring any user interaction.
Earlier in February, Cisco had fixed critical 'CDPwn' vulnerabilities that enabled the remote hijack of millions of routers and switches.