Rewterz Threat Advisory – CVE-2020-3382 – Critical Vulnerabilities in Cisco’s DCNM and SD-WAN vManage software

Severity

High

Analysis Summary

CVE-2020-3382 – A critical security vulnerability is found in Cisco Data Center Network Manager (DCNM), which is a key piece of Cisco’s data-center automation software for its widely used MDS and Nexus line of networking hardware. This critical flaw can be exploited by anyone on the internet. A bug in the REST application protocol interface (API) of DCNM could allow anyone on the internet to skip over the web interface’s log in and carry out actions as if they were an administrator of the device. The static key lets attackers use it to generate a valid session token on an affected device and do whatever they want through the REST API with administrative privileges.   

CVE-2020-3374 – Another highly critical flaw is found in the web interface of Cisco SD-WAN vManage software. It lets a person on the internet with the right credentials attack a system after bypassing authorization. From there, attackers could reconfigure a system and knock it offline or access sensitive information. The vulnerability is due to insufficient authorization checking on the affected system. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system.

Impact

• Authentication Bypass
• Privilege abuse
• Information disclosure
• Unavailability of affected system

Affected Vendors

Cisco

Affected Products

DCNM software releases 11.0(1)
11.1(1)
11.2(1)
and 11.3(1).
SD-WAN vManage 18.3 or prior

Remediation

Admins need to install the latest versions of Cisco’s DCNM software releases.

They also need to install fixed releases of Cisco SD-WAN vManage.