Cisco issued 16 security warnings on May 16th. Three of the vulnerabilities are rated critical and received a 10/10 severity score: a backdoor account and two authentication bypasses in Cisco’s Digital Network Architecture (DNA) Center. Cisco DNA Center is software aimed at enterprise clients that provides a central system for designing and deploying device configurations across a large network of devices. According to the company the software is complex, and a recent internal audit revealed a big security flaw in the system.
CVE-2018-0222 is the easiest to take advantage of. The company describes this flaw as “undocumented, static user credentials or the default administrative account”. In layman’s terms, that is a backdoor account in the system! Although the company didn’t disclose the default username and password, this vulnerability grants an attacker root privileges on the system. Network administrators have been issued a security patch to remove these accounts and should apply it ASAP.
CVE-2018-0268 affects authentication in the Kubernetes container management system, a subsystem embedded inside Cisco’s DNA Center. “An attacker who has the ability to access the Kubernetes service port could execute commands with elevated privileges within provisioned containers,” Cisco said. “A successful exploit could result in a complete compromise of affected containers.”
There are no workarounds for this flaw; system administrators need to apply Cisco’s latest patch to fix the vulnerability.
CVE-2018-0271 is a bypass of the DNA Center’s API gateway. “The vulnerability is due to a failure to normalize URLs prior to maintaining requests,” Cisco explained. “An attacker could exploit this vulnerability by presenting a crafted URL designed to exploit the issue. A successful exploit could allow the attacker to gain unauthenticated access to critical services, resulting in elevated privileges in DNA Center.”
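Cisco's advisory text gives no detail on the crafted URL, so the following is an added, generic illustration of the bug class (an access check applied to a URL that has not been normalized) next to a hardened form; it is not DNA Center code. The `/public/` prefix, the sample paths and all function names are assumptions made for the example.

```python
import posixpath
from urllib.parse import unquote

# Hypothetical policy: only paths under these prefixes skip authentication.
PUBLIC_PREFIXES = ("/public/",)

def naive_requires_auth(raw_path):
    """Flawed: applies the policy to the path exactly as it arrived."""
    return not raw_path.startswith(PUBLIC_PREFIXES)

def canonicalize(raw_path):
    """Return the canonical form of a request path, or None to reject it."""
    decoded = unquote(raw_path)
    if unquote(decoded) != decoded:
        return None  # still encoded after one pass: layers could disagree
    if not decoded.startswith("/") or "\\" in decoded or "\x00" in decoded:
        return None
    # normpath collapses '.', '..' and repeated slashes; it keeps a leading
    # '//' and drops a trailing '/', so both are handled explicitly.
    norm = posixpath.normpath("/" + decoded.lstrip("/"))
    if decoded.endswith("/") and norm != "/":
        norm += "/"
    return norm

def route(raw_path):
    """Decide on the canonical path and forward that same path upstream."""
    canon = canonicalize(raw_path)
    if canon is None:
        return ("reject", None)
    if canon.startswith(PUBLIC_PREFIXES):
        return ("public", canon)
    return ("auth", canon)

# Constructed sample request paths (query string already stripped).
SAMPLES = [
    "/public/status",
    "/public/../admin/users",
    "/public/%2e%2e/admin/users",
    "/public/%252e%252e/admin/users",
]

if __name__ == "__main__":
    for path in SAMPLES:
        print(f"{path!r}: naive_requires_auth={naive_requires_auth(path)} "
              f"hardened={route(path)}")
```

The hardened gateway makes its decision on the canonical path and forwards that same string, so the backend cannot resolve the request to a different resource than the one that was authorized.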
The company fixed all of the issues by providing an update to its enterprise software. It has conducted massive internal audits to discover these vulnerabilities, having decided to hunt down and root out any similar backdoors before attackers find them.