Cisco Warns Of Flaws In Data Centre Kit

Cisco has issued two advisories for facilities managers, concerning security vulnerabilities found in its data centre equipment.

The first patch concerns a critical flaw found in its Digital Network Architecture (DNA) Center appliance, and the second (a less serious flaw) affects the command-line interface of Cisco’s SD-WAN Solution.

The American networking giant issues patches when it uncovers flaws. Last September for example it patched its Video Surveillance Manager software to fix a bug involving root account credentials that were mistakenly left hard-coded into devices.

DNA flaw

Cisco revealed the existence of the critical flaw concerning its Digital Network Architecture (DNA) Center appliance in an advisory post, and said the vulnerability affects DNA Center Software releases prior to 1.3.

“A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, adjacent attacker to bypass authentication and access critical internal services,” it warned.

It said there is no workarounds that address this vulnerability, but that it has released software updates that address it.

“The vulnerability is due to insufficient access restriction to ports necessary for system operation,” said Cisco. “An attacker could exploit this vulnerability by connecting an unauthorised network device to the subnet designated for cluster services. A successful exploit could allow an attacker to reach internal services that are not hardened for external access.”

Meanwhile a second privilege escalation vulnerability, although a bit less serious, concerns Cisco’s SD-WAN Solution. It again was noted in another Cisco advisory.

This vulnerability affects the Cisco product running a release of the Cisco SD-WAN Solution prior to releases 18.3.6, 18.4.1, and 19.1.0.

“A vulnerability in the CLI of Cisco SD-WAN Solution could allow an authenticated, local attacker to elevate lower-level privileges to the root user on an affected device,” warned the networking firm.

“The vulnerability is due to insufficient authorisation enforcement,” Cisco wrote. “An attacker could exploit this vulnerability by authenticating to the targeted device and executing commands that could lead to elevated privileges. A successful exploit could allow the attacker to make configuration changes to the system as the root user.”

Flaws can be found in all types of tech. This time last year Iran warned that “advanced actors” had exploited a flaw with Cisco routers to launch an attack that apparently hit 200,000 routers around the world.

Iran said those “advanced actors” could have been working for a nation state, after computer screens in data centres in Iran were apparently left with the image of a US flag on screens along with a warning: “Don’t mess with our elections”.

Do you know all about security? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

10 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

12 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

14 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

15 hours ago