Cisco Patches DCNM Vulnerabilities

Cisco patched vulnerabilities in its Prime Data Center Network Manager (DCNM) which had two critical vulnerabilities an attacker could leverage for remote code execution and to access the product’s administrative console.

One of the flaws, CVE-2017-6639, has a lack of authentication and authorization for a debugging tool inadvertently left enabled.

RELATED STORIES
Cisco Releases Huge Zero Day Patch
Cisco Fixes Multiple Vulnerabilities
Cisco Finds Moxa Vulnerabilities
Cisco Fixes Aironet Flaws

A remote, unauthenticated attacker can leverage the vulnerability to access sensitive information or execute arbitrary code with root privileges by connecting to the debugging tool via TCP.

The vulnerability affects Cisco Prime DCNM releases 10.1(1) and 10.1(2) for Windows, Linux and virtual appliances.

The second Prime DCNM hole, CVE-2017-6640, has a default user account protected by a static password. An attacker who can remotely connect to the affected system can use this account to gain privileged access to the server’s administration interface.

The networking giant said this flaw only affects Prime DCNM running software version 10.2(1) for Windows, Linux and virtual appliances.

The DCNM vulnerabilities came to Cisco from Antonius Mulder of Commonwealth Bank of Australia. As of now, there is no evidence that they have undergone exploitation.

The vulnerabilities ended up patched with the release of version 10.2(1). No workarounds are available.

In addition, Cisco also published an advisory for a high severity local privilege escalation vulnerability affecting AnyConnect Secure Mobility Client for Windows versions prior to 4.4.02034.

The vulnerability, reported by Felix Wilhelm of ERNW, allows a local attacker to install and execute a file with SYSTEM privileges.