Rewterz Threat Alert – ProLock Ransomware – IoCs
July 30, 2020
Rewterz Threat Advisory – CVE-2020-14520 – ICS: Inductive Automation Ignition 8
August 3, 2020
Severity
High
Analysis Summary
CVE-2020-3382 – A critical security vulnerability has been found in Cisco Data Center Network Manager (DCNM), a key piece of Cisco’s data-center automation software for its widely used MDS and Nexus lines of networking hardware. The flaw can be exploited by anyone on the internet. A bug in the REST application programming interface (API) of DCNM could allow anyone on the internet to skip the web interface’s login and carry out actions as if they were an administrator of the device. The bug involves a static key: attackers can use it to generate a valid session token on an affected device and then do whatever they want through the REST API with administrative privileges.
CVE-2020-3374 – Another highly critical flaw has been found in the web interface of Cisco SD-WAN vManage software. It lets a person on the internet with the right credentials bypass authorization and attack a system. From there, attackers could reconfigure a system and knock it offline, or access sensitive information. The vulnerability is due to insufficient authorization checking on the affected system. An attacker could exploit it by sending crafted HTTP requests to the web-based management interface of an affected system.
Impact
- Authentication Bypass
- Privilege abuse
- Information disclosure
- Unavailability of affected system
Affected Vendors
Cisco
Affected Products
DCNM software releases 11.0(1), 11.1(1), 11.2(1), and 11.3(1).
SD-WAN vManage 18.3 or prior
Remediation
Admins need to install the latest versions of Cisco’s DCNM software releases.
They also need to install fixed releases of Cisco SD-WAN vManage.