Networking giant Cisco has disclosed two critical vulnerabilities affecting core equipment in the data center that could give determined attackers an avenue to break into networks.
Cisco’s Digital Network Architecture (DNA) Center appliance has once again been found to be vulnerable to an authentication bypass, which could allow an “adjacent” attacker to skip authentication and cause damage to an organization’s critical internal services.
DNA Center allows admins to add new devices to the network and manage them based on enterprise policies.
The flaw, tagged as CVE-2019-1848, is because Cisco didn’t sufficiently restrict access to ports used to operate the system. The vulnerability would allow an attacker to connect an unauthorized device to the network.
“A successful exploit could allow an attacker to reach internal services that are not hardened for external access,” Cisco notes in the advisory.
The bug is rated critical with a CVSS score of 9.3 out of a possible 10 and affects Cisco DNA Center software releases prior to 1.3.
It’s not quite as bad as last year’s authentication bypass affecting the DNA Center software, which allowed a remote attacker to take complete control of the software’s identity-management functions.
A slightly less severe but also critical-rated flaw, CVE-2019-1625, affects the command-line interface of Cisco’s SD-WAN Solution. An attacker would need to be authenticated and have access to the equipment already, but this flaw could allow an escalation of privileges to root user on the affected device.
“The vulnerability is due to insufficient authorization enforcement,” Cisco explains.
“An attacker could exploit this vulnerability by authenticating to the targeted device and executing commands that could lead to elevated privileges. A successful exploit could allow the attacker to make configuration changes to the system as the root user.”
The bug affects Cisco’s vBond Orchestrator Software, vEdge Series Routers from the 100, 1000, 2000, and 5000 range, vEdge Cloud Router Platform, vManage Network Management Software, and vSmart Controller Software.
The products are vulnerable if they are running on Cisco SD-WAN Solution prior to releases 18.3.6, 18.4.1, and 19.1.0.
Fortunately, both critical bugs were found during internal testing at Cisco and are not known to have been exploited in the wild.
Cisco has also disclosed 23 other high- and medium-severity vulnerabilities affecting a range of its products. Details are available on Cisco’s advisories and alerts page.
One notable flaw affects RV110W, RV130W, and RV215W Routers, which are vulnerable to a denial-of-service attack from an unauthenticated, remote attacker. The flaw resides in the web management interface of these devices due to improper checks on data supplied by users.
“An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to reload the device and cause a DoS condition,” Cisco explains.
Cisco in February urged customers to patch these devices due to a much more serious flaw affecting them. Both this and the newly disclosed bug were reported by researchers at security firm Pen Test Partners.