Cisco has released security updates that address three critical flaws in their Cisco Data Center Network Manager (DCNM) and several SD-WAN software products. The company also issued advisories on eight other high to medium severity flaws found in their DCNM software. With a score of 9.8/10 on the CVSS system, the authentication bypass vulnerability tracked as CVE-2020-3382 would allow an attacker to bypass authentication through the REST API and remotely execute arbitrary actions on vulnerable devices with administrator privileges. Other flaws include two vulnerabilities in their SD-WAN vManage Software and SD-WAN vEdge Solution Software that would allow an attacker to bypass authentication and allow them full access to affected systems. These two flaws are tracked as CVE-2020-3374 and CVE-2020-3375 and each received a CVSS score of 9.9/10.
Analyst Notes
In all, there are a total of 11 advisories that CISCO is addressing that range from critical to medium severity. Network administrators are highly recommended to download the patches from the Cisco website and apply them as soon as possible. It is also advisable to routinely audit security protocols through the use of companies such as TrustedSec that perform penetration testing and provide fixes to any/all security flaws that are found.
Source Article: https://www.bleepingcomputer.com/news/security/cisco-fixes-severe-flaws-in-data-center-management-solution/
Cisco Advisory: https://tools.cisco.com/security/center/publicationListing.x
