Cisco fixes critical vulnerabilities in its Data Center Network Manager

• Four critical vulnerabilities were detected in DCNM's web-management console that could be exploited remotely by an attacker without any authentication.
• Out of the four vulnerabilities, two are marked as a high-severity flaw with the CVSS score of 9.8.

Cisco has released patched to address the critical vulnerabilities in its Data Center Network Manager (DCNM) that could allow an attacker to upload files and execute commands with root privileges.

What are the vulnerabilities?

A researcher named Pedro Ribeiro detected four vulnerabilities in DCNM's web-management console that could be exploited remotely by an attacker without any authentication.

Data Center Network Manager (DCNM) is Cisco's solution for maintaining visibility and automating the management of networking gear in data centers, such as Nexus Series switches.

Out of the four vulnerabilities, two are marked as a high-severity flaw with the CVSS score of 9.8.

Arbitrary file upload vulnerability

The first vulnerability tracked as CVE-2019-1620 resides in DCNM versions prior to version 11.2(1). This vulnerability could allow an attacker to upload arbitrary files on an affected system.

An attacker cannot exploit the vulnerability without authentication in DCNM 11.0(1) and earlier. However, versions starting 11.1(1) supports unauthenticated access.

The issue arises from the fact that incorrect permission settings in the web-based interface of DCNM allow writing files on the filesystem and running code with root privileges.

“An attacker may achieve creation of arbitrary files on the underlying DCNM filesystem by sending specially crafted data to a specific web servlet that is available on affected devices,” Cisco said in an advisory.

Authentication bypass vulnerability

The second vulnerability tracked as CVE-2019-1619 could allow an attacker to bypass authentication and execute arbitrary actions with administrative privileges.

The issue is due to improper session management on affected DCNM software. This vulnerability could be exploited by sending a crafted HTTP request to the affected device.

Arbitrary file download vulnerability

The third vulnerability trackes as CVE-2019-1621 is a arbitrary file download vulnerability. This vulnerability stems from incorrect permission settings in the web-based interface of DCNM 11.2(1) and earlier.

This bug could allow an attacker to download arbitrary files from the underlying filesystem of the affected device by connecting to the web-based management interface and requesting specific URLs.

Information disclosure vulnerability

The last vulnerability tracked as CVE-2019-1622 is an information disclosure vulnerability that could allow an attacker to download log data and diagnostic info from an affected device.

“The vulnerability is due to improper access controls for certain URLs on affected DCNM software. An attacker could exploit this vulnerability by connecting to the web-based management interface of an affected device and requesting specific URLs,” Cisco said.