Cisco warns of vulnerabilities that can let attackers issue arbitrary actions with administrative permissions. Credit: Metamorworks / Getty Images Cisco this week issued software to address multiple critical authentication exposures in its Data Center Network Manager (DCNM) software for its Nexus data center switches. DCNM is a central management dashboard for data-center fabrics based on Cisco Nexus switches and handles a number of core duties such as automation, configuration control, flow policy management and real-time health details for fabric, devices, and network topology. Cisco said that there were three exposures, which it rated as a 9.8 out of 10 on the Common Vulnerability Scoring System, in the DCNM authentication mechanisms that could let a remote attacker bypass authentication and execute arbitrary actions with administrative privileges on vulnerable devices. Cisco said that the vulnerabilities are independent of each other so exploitation of one is not required to exploit another. In addition, a software release that is affected by one of the vulnerabilities may not be affected by the others, the company said. The critical weaknesses include: REST API authentication bypass vulnerability: A vulnerability in the REST API endpoint of Cisco DCNM could allow a remote attacker to bypass authentication. “The vulnerability exists because a static encryption key is shared between installations. An attacker could exploit this vulnerability by using the static key to craft a valid session token. A successful exploit could allow the attacker to perform arbitrary actions through the REST API with administrative privileges,” Cisco stated. SOAP API authentication bypass vulnerability: A weakness in the SOAP API endpoint of Cisco DCNM could let an unauthenticated, remote attacker to bypass authentication on an affected device. Like the REST vulnerability, this problem exists because a static encryption key is shared between installations. Exploits could allow arbitrary actions through the SOAP API with administrative privileges. Authentication-bypass vulnerability: A weakness in the web-based management interface of Cisco DCNM could also let remote attackers bypass authentication on an affected device. Again, the vulnerability is due to the presence of static credentials that and an attacker could exploit by using them to authenticate against the user interface, Cisco stated. “A successful exploit could allow the attacker to access a specific section of the web interface and obtain certain confidential information from an affected device. This information could be used to conduct further attacks against the system,” Cisco stated. There are no workarounds that address these vulnerabilities but Cisco has released a DCNM software version that address the problems, the company stated. Cisco said it is not aware of any public announcements about or malicious use of the DCNM vulnerabilities. Less severe vulnerabilities There were numerous additional DCNM vulnerabilities involving the REST and SOAP APIs with “high” to “medium” threat ratings including: REST API SQL-injection vulnerability: A vulnerability in the REST API of Cisco DCNM could let an authenticated, remote attacker with administrative privileges execute arbitrary SQL commands on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the API and an attacker could exploit this vulnerability by sending a crafted request to the API, Cisco wrote. A successful exploit could let an attacker view information that they are not authorized to view, make changes to the system that they are not authorized to make, or execute commands within the underlying operating system that may affect the availability of the system. REST API path-traversal vulnerability: A vulnerability in the REST API of Cisco DCNM could allow an authenticated, remote attacker with administrative privileges to conduct directory-traversal attacks on an affected device. An attacker could exploit this vulnerability by sending a crafted request to the API, which could allow the attacker to read, write, or execute arbitrary files in the system with full administrative privileges. The exposure is due to insufficient validation of user-supplied input to the API, Cisco wrote. REST API command-injection vulnerability: A weakness in the REST API of Cisco DCNM could allow an authenticated, remote attacker with administrative privileges on the DCNM application to inject arbitrary commands on the underlying OS. An attacker could exploit this vulnerability by sending a crafted request to the API and could let an attacker execute arbitrary commands on the device with full administrative privileges. The vulnerability is due to insufficient validation of user-supplied input to the API, Cisco stated. SOAP API SQL-injection vulnerability: A weakness in the SOAP API of Cisco DCNM could allow an authenticated, remote attacker with administrative privileges to execute arbitrary SQL commands on an affected device. A successful exploit could allow the attacker to view information that they are not authorized to view, make changes to the system that they are not authorized to make, or execute commands within the underlying operating system that may affect the availability of the device. The problem is due to insufficient validation of user-supplied input to the API, Cisco wrote. SOAP API path-traversal vulnerability: A vulnerability in the SOAP API of DCNM could allow an authenticated, remote attacker with administrative privileges to conduct directory-traversal attacks on an affected device. A successful exploit could allow the attacker to read, write, or execute arbitrary files in the system with full administrative privileges. Cisco said the vulnerability is due to insufficient validation of user-supplied input to the API. SOAP API command injection vulnerability: A vulnerability in the SOAP API of DCNM could let an authenticated, remote attacker with administrative privileges on the DCNM application inject arbitrary commands on the underlying OS. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could let an attacker execute arbitrary commands on the device with full administrative privileges. Cisco said the vulnerability is due to insufficient validation of user-supplied input to the API. Path-traversal vulnerability: A vulnerability in the Application Framework feature of DCNM could allow an authenticated, remote attacker with administrative privileges to conduct directory traversal attacks on an affected device. An attacker could exploit this vulnerability by sending a crafted request to the application. A successful exploit could allow the attacker to read, write, or execute arbitrary files in the system with full administrative privileges. The vulnerability is due to insufficient validation of user-supplied input to the Application Framework endpoint, Cisco stated. Cisco has released software updates that address the vulnerabilities. Cisco said it fixed all of the vulnerabilities in Cisco DCNM Software releases 11.3.1 and later. Related content analysis What is a virtual machine, and why are they so useful? Many of today’s IT innovations have their roots in virtual machines (VM) and their ability to separate software from hardware. By Keith Shaw May 03, 2024 9 mins Virtualization Data Center Networking analysis What is DNS and how does it work? The Domain Name System resolves the names of internet sites with their underlying IP addresses, adding efficiency and security in the process. By Josh Fruhlinger and Keith Shaw May 03, 2024 11 mins Internet Networking news Appeal court overturns $1.6bn mainframe software ‘poaching’ ruling against IBM AT&T ‘independently decided” to replace BMC software, the appeals court found. By John Leyden May 03, 2024 1 min Mainframes news Cisco, Red Hat extend networking, AI integrations Cisco and Red Hat will demo new network product integrations and introduce AI validated designs at the upcoming Red Hat Summit 2024. By Michael Cooney May 03, 2024 4 mins Network Virtualization Cloud Computing Networking PODCASTS VIDEOS RESOURCES EVENTS NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe