Lucene search

threatpostTom SpringTHREATPOST:C4650E22534F775312B3885DAA306DDA
HistoryJan 03, 2020 - 6:33 p.m.

3 Critical Bugs Allow Remote Attacks on Cisco NX-OS and Switches

Tom Spring





Cisco Systems has issued patches for three critical vulnerabilities impacting a key tool for managing its network platform and switches. The bugs could allow an unauthenticated, remote attacker to bypass endpoint authentication and execute arbitrary actions with administrative privileges on targeted devices, the vendor said.

the networking giant disclosed the critical flaws on Thursday; all three (CVE-2019-15975, CVE-2019-15976, CVE-2019-15977) impact the Cisco Data Center Network Manager (DCNM), a platform for managing its data centers running Cisco’s NX-OS. NX-OS is the network operating system used by Cisco’s Nexus-series Ethernet switches and MDS-series Fibre Channel storage area network switches.

Affected products include Cisco DCNM software releases earlier than Release 11.3 for Microsoft Windows, Linux and virtual appliance platforms.

According to the Tenable researchers that analyzed the bugs, two of the flaws (CVE-2019-15975 and CVE-2019-15976), “are authentication bypass vulnerabilities in the REST API and SOAP API endpoints for Cisco DCNM due to the existence of a static encryption key shared between installations.”

Representational State Transfer (REST) is an architecture style for designing networked applications, according to Simple Object Access Protocol (SOAP) is a standard communication protocol system that permits processes using different operating systems such as Linux and Windows to communicate via HTTP and its XML, according to a DZone description.

“A remote, unauthenticated attacker could gain administrative privileges through either the REST API or SOAP API by sending a specially crafted request that includes a valid session token generated using the static encryption key,” wrote Satnam Narang, senior research engineer with Tenable, in a blog post outlining the discovery.

Cisco wrote in its security advisory that vulnerabilities can be exploited independently of the other.

The third bug (CVE-2019-15976) is described by Cisco as “data center network manager authentication bypass vulnerability.” This flaw exists in the web-based management interface of the DCNM, allowing an unauthenticated, remote attacker to bypass authentication on an affected device.

“The vulnerability is due to the presence of static credentials. An attacker could exploit this vulnerability by using the static credentials to authenticate against the user interface,” Cisco wrote. “A successful exploit could allow the attacker to access a specific section of the web interface and obtain certain confidential information from an affected device. This information could be used to conduct further attacks against the system.”

Each of the three bugs received a Common Vulnerability Scoring System Score of 9.8 severity. Cisco has released software updates patching the vulnerabilities. The company added there are no workarounds to fix the problems.

In addition to the three critical bugs, Cisco patched nine additional flaws of lesser severity, also tied to its DCNM component.