Cisco Warns Of Flaws In Data Centre Kit

Cisco has issued two advisories for facilities managers, concerning security vulnerabilities found in its data centre equipment.

The first patch concerns a critical flaw found in its Digital Network Architecture (DNA) Center appliance, and the second (a less serious flaw) affects the command-line interface of Cisco’s SD-WAN Solution.

The American networking giant issues patches when it uncovers flaws. Last September for example it patched its Video Surveillance Manager software to fix a bug involving root account credentials that were mistakenly left hard-coded into devices.

DNA flaw

Cisco revealed the existence of the critical flaw concerning its Digital Network Architecture (DNA) Center appliance in an advisory post, and said the vulnerability affects DNA Center Software releases prior to 1.3.

“A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, adjacent attacker to bypass authentication and access critical internal services,” it warned.

It said there is no workarounds that address this vulnerability, but that it has released software updates that address it.

“The vulnerability is due to insufficient access restriction to ports necessary for system operation,” said Cisco. “An attacker could exploit this vulnerability by connecting an unauthorised network device to the subnet designated for cluster services. A successful exploit could allow an attacker to reach internal services that are not hardened for external access.”

Meanwhile a second privilege escalation vulnerability, although a bit less serious, concerns Cisco’s SD-WAN Solution. It again was noted in another Cisco advisory.

This vulnerability affects the Cisco product running a release of the Cisco SD-WAN Solution prior to releases 18.3.6, 18.4.1, and 19.1.0.

“A vulnerability in the CLI of Cisco SD-WAN Solution could allow an authenticated, local attacker to elevate lower-level privileges to the root user on an affected device,” warned the networking firm.

“The vulnerability is due to insufficient authorisation enforcement,” Cisco wrote. “An attacker could exploit this vulnerability by authenticating to the targeted device and executing commands that could lead to elevated privileges. A successful exploit could allow the attacker to make configuration changes to the system as the root user.”

Flaws can be found in all types of tech. This time last year Iran warned that “advanced actors” had exploited a flaw with Cisco routers to launch an attack that apparently hit 200,000 routers around the world.

Iran said those “advanced actors” could have been working for a nation state, after computer screens in data centres in Iran were apparently left with the image of a US flag on screens along with a warning: “Don’t mess with our elections”.

Do you know all about security? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Apple Sales Rise 6 Percent After Early iPhone 16 Demand

Fourth quarter results beat Wall Street expectations, as overall sales rise 6 percent, but EU…

22 hours ago

X’s Community Notes Fails To Stem US Election Misinformation – Report

Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…

23 hours ago

Google Fined More Than World’s GDP By Russia

Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…

24 hours ago

Spotify, Paramount Sign Up To Use Google Cloud ARM Chips

Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…

2 days ago

Meta Warns Of Accelerating AI Infrastructure Costs

Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…

2 days ago

AI Helps Boost Microsoft Cloud Revenues By 33 Percent

Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…

2 days ago