Rewterz Threat Alert – DeathRansom Ransomware Encrypting Files – IoCs
January 3, 2020Rewterz Threat Advisory – Cisco Data Center Network Manager Multiple Vulnerabilities
January 6, 2020Severity
High
Analysis Summary
Cisco patched three authentication bypass bugs tied to its DCNM platform used to manage NX-OS. The three critical vulnerabilities impact a key tool for managing its network platform and switches. The bugs could allow an unauthenticated, remote attacker to bypass endpoint authentication and execute arbitrary actions with administrative privileges on targeted devices.
All three (CVE-2019-15975, CVE-2019-15976, CVE-2019-15977) impact the Cisco Data Center Network Manager (DCNM), a platform for managing its data centers running Cisco’s NX-OS. NX-OS is the network operating system used by Cisco’s Nexus-series Ethernet switches and MDS-series Fibre Channel storage area network switches.
Affected products include Cisco DCNM software releases earlier than Release 11.3 for Microsoft Windows, Linux and virtual appliance platforms.
Two of the flaws (CVE-2019-15975 and CVE-2019-15976), “are authentication bypass vulnerabilities in the REST API and SOAP API endpoints for Cisco DCNM due to the existence of a static encryption key shared between installations. The third bug (CVE-2019-15976) is described by Cisco as “data center network manager authentication bypass vulnerability.” This flaw exists in the web-based management interface of the DCNM, allowing an unauthenticated, remote attacker to bypass authentication on an affected device.
Impact
- Authentication Bypass
- Unauthorized Remote Access
Affected Vendors
Cisco
Affected Products
Cisco DCNM software releases earlier than Release 11.3 for Microsoft Windows Linux and virtual appliance platforms
Remediation
Update to Cisco DCNM Software releases 11.3(1) and later.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-auth-bypass