Cisco has patched three critical vulnerabilities in its Data Center Network Manager (DCNM) software that could allow an attacker to bypass authentication. In addition, six High and two Medium severity DCNM software bugs were also addressed.
Released on Thursday, the Critical Cisco security advisory includes fixes for three separate vulnerabilities (CVE-2019-15975, CVE-2019-15976 and CVE-2019-15977) in its DCNM software versions 11.3(1) and later. To add, all three of the vulnerabilities are collectively rated Critical and carry a CVSS base score of 9.8.
According to Cisco, remote attackers could “bypass authentication and execute arbitrary actions with administrative privileges” on impacted devices.
Cisco provided a description of each of the vulnerabilities in the advisory and summarized below.
Cisco Data Center Network Manager REST API Authentication Bypass Vulnerability (CVE-2019-15975)
Cisco warned this REST API endpoint vulnerability CVE-2019-15975 is attributed to a static encryption key that is shared between DCNM software installations:
“An attacker could exploit this vulnerability by using the static key to craft a valid session token. A successful exploit could allow the attacker to perform arbitrary actions through the REST API with administrative privileges.”
Cisco Data Center Network Manager SOAP API Authentication Bypass Vulnerability (CVE-2019-15976)
Cisco said this SOAP API endpoint vulnerability CVE-2019-15976 is also attributed to a static encryption key that is shared between DCNM software installations:
“An attacker could exploit this vulnerability by using the static key to craft a valid session token. A successful exploit could allow the attacker to perform arbitrary actions through the SOAP API with administrative privileges.”
Cisco Data Center Network Manager Authentication Bypass Vulnerability (CVE-2019-15977)
Cisco confirmed that CVE-2019-15977 is an authentication bypass vulnerability in its web-based management interface of Cisco DCNM:
“The vulnerability is due to the presence of static credentials. An attacker could exploit this vulnerability by using the static credentials to authenticate against the user interface. A successful exploit could allow the attacker to access a specific section of the web interface and obtain certain confidential information from an affected device.”
Attackers could then use this information to launch additional attacks against the device.
Other DCNM High and Medium severity vulnerabilities
In addition to these three Critical vulnerabilities, Cisco also patched six (6) High severity and two (2) Medium severity bugs summarized below:
- Critical Cisco DCNM SQL Injection Vulnerabilities (CVE-2019-15984, CVE-2019-15985)
- Critical Cisco DCNM Path Traversal Vulnerabilities (CVE-2019-15980, CVE-2019-15981)
- Critical Cisco DCNM Command Injection Vulnerabilities (CVE-2019-15978, CVE-2019-15979)
- Medium Cisco DCNM XML External Entity Read Access Vulnerability (CVE-2019-15983)
- Medium Cisco DCNM JBoss EAP Unauthorized Access Vulnerability (CVE-2019-15999).
Cisco recommends administrators apply the necessary updates as soon as possible.