Home & Office

Cisco critical bugs: Nexus data center switch software needs patching now

Patch your Cisco Data Center Network Manager software now or uninstall it.
Written by Liam Tung, Contributing Writer

Cisco has disclosed a dozen bugs affecting its Data Center Network Manager (DCNM) software, including three critical authentication-bypass bugs that expose enterprise customers to remote attacks.

Cisco warns that a remote attacker can bypass DCNM's authentication and carry out tasks with administrative privileges on an affected device. 

The available updates are highly important for enterprise data centers built with its Nexus NX-OS-based switches. DCNM is a key component for automating NX-OS-based network infrastructure deployments. 

SEE: IT pro's guide to the evolution and impact of 5G technology (free PDF)

Cisco points to three separate authentication bypass vulnerabilities in a single advisory. They're tagged as CVE-2019-15975, CVE-2019-15975, and CVE-2019-15977 and the trio have a severity rating of 9.8 out of a possible 10, meaning they are firmly critical security issues.  

The bugs "could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device", Cisco said.

Despite the common advisory, Cisco explains the vulnerabilities are independent of each other and that exploitation of one isn't required to exploit another. 

The first bug is due to a static encryption key that's shared between installations. The issue resides in the REST API endpoint of DCNM. It allows an attacker to use the static key to generate a valid session token and potentially carry out actions at will through the REST API with administrative privileges. 

The second bug stems from the same problem. However, it lies in the SOAP API endpoint of DCNM. "A successful exploit could allow the attacker to perform arbitrary actions through the SOAP API with administrative privileges," Cisco warned. 

The third bug is because Cisco added hard-coded credentials for the web-based user interface, which could allow an attacker to access a section of the web interface and obtain confidential information from an affected device. 

Cisco says it fixed these vulnerabilities in Cisco DCNM Software releases 11.3(1) and later on Windows, Linux, and virtual appliance platforms. 

The bugs were reported by Steven Seeley via Trend Micro's Zero Day Initiative and iDefense, Accenture.

SEE: How to find the best VPN service: Your guide to staying safe on the internet

Seeley's advice to customers is to patch DCNM now and, if that's not possible, uninstall the software. 

Seeley also found three high-severity bugs in the REST and SOAP API endpoints and the Application Framework feature of DCNM. The bugs could allow an authenticated remote attacker to conduct directory traversal attacks on an affected device,.   

The bugs affect Cisco DCNM prior to Release 11.3(1) for Windows, Linux, and virtual appliance platforms. All three bugs were due to insufficient validation of user-supplied input to the respective interfaces. 

Two extra bugs he found in DCNM included a high-severity command-injection flaw in DCNM REST and SOAP API endpoints and a medium-severity issue in DCNM. 

More on Cisco and network security

  • Cisco: All these routers have the same embedded crypto keys, so update firmware  
  • Cisco: These Wi-Fi access points are easily owned by remote hackers, so patch now  
  • Cisco warning: These routers running IOS have 9.9/10-severity security flaw
  • Patch now: Cisco IOS XE routers exposed to rare 10/10-severity security flaw  
  • Seriously? Cisco put Huawei X.509 certificates and keys into its own switches
  • New Cisco critical bugs: 9.8/10-severity Nexus security flaws need urgent update
  • Cisco critical-flaw warning: These two bugs in our data-center gear need patching now
  • Cisco alert: Patch this dangerous bug open to remote attacks via malicious ads
  • Thrangrycat flaw lets attackers plant persistent backdoors on Cisco gear
  • Cisco's warning: Patch now, critical SSH flaw affects Nexus 9000 fabric switches
  • Cisco warns over critical router flaw
  • Cisco: These are the flaws DNS hijackers are using in their attacks
  • Cisco bungled RV320/RV325 patches, routers still exposed to hacks
  • Cisco tells Nexus switch owners to disable POAP feature for security reasons
  • Cisco: Patch routers now against massive 9.8/10-severity security hole
  • How to improve cybersecurity for your business: 6 tips TechRepublic
  • New cybersecurity tool lets companies Google their systems for hackers CNET
  • Editorial standards