Cisco Warns Of Flaws In Data Centre Kit

Cisco has issued two advisories for facilities managers, concerning security vulnerabilities found in its data centre equipment.

The first patch concerns a critical flaw found in its Digital Network Architecture (DNA) Center appliance, and the second (a less serious flaw) affects the command-line interface of Cisco’s SD-WAN Solution.

The American networking giant issues patches when it uncovers flaws. Last September for example it patched its Video Surveillance Manager software to fix a bug involving root account credentials that were mistakenly left hard-coded into devices.

DNA flaw

Cisco revealed the existence of the critical flaw concerning its Digital Network Architecture (DNA) Center appliance in an advisory post, and said the vulnerability affects DNA Center Software releases prior to 1.3.

“A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, adjacent attacker to bypass authentication and access critical internal services,” it warned.

It said there is no workarounds that address this vulnerability, but that it has released software updates that address it.

“The vulnerability is due to insufficient access restriction to ports necessary for system operation,” said Cisco. “An attacker could exploit this vulnerability by connecting an unauthorised network device to the subnet designated for cluster services. A successful exploit could allow an attacker to reach internal services that are not hardened for external access.”

Meanwhile a second privilege escalation vulnerability, although a bit less serious, concerns Cisco’s SD-WAN Solution. It again was noted in another Cisco advisory.

This vulnerability affects the Cisco product running a release of the Cisco SD-WAN Solution prior to releases 18.3.6, 18.4.1, and 19.1.0.

“A vulnerability in the CLI of Cisco SD-WAN Solution could allow an authenticated, local attacker to elevate lower-level privileges to the root user on an affected device,” warned the networking firm.

“The vulnerability is due to insufficient authorisation enforcement,” Cisco wrote. “An attacker could exploit this vulnerability by authenticating to the targeted device and executing commands that could lead to elevated privileges. A successful exploit could allow the attacker to make configuration changes to the system as the root user.”

Flaws can be found in all types of tech. This time last year Iran warned that “advanced actors” had exploited a flaw with Cisco routers to launch an attack that apparently hit 200,000 routers around the world.

Iran said those “advanced actors” could have been working for a nation state, after computer screens in data centres in Iran were apparently left with the image of a US flag on screens along with a warning: “Don’t mess with our elections”.

Do you know all about security? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

3 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago