Cisco's virtual network interface hit by extremely severe bugs: patch now

Cisco has released fixes for three severe bugs in its Digital Network Architecture (DNA) Centre software that leave the door open to remote attackers. 

The three bugs all have a CVSS 3.0 Score of 10 out of a possible 10, indicating they’re the most severe vulnerabilities possible and need to be patched now. 

One of the three, logged as CVE-2018-0222, is caused by DNA Center having default and static administrative account credentials, which an attacker could use to log into an affected system and execute commands with root privileges. 

Cisco announced DNA Centre in the summer of 2017, offering customers network automation software and a centralized management interface for its “intent-based networking” system. Admins can use DNA Center to set policies for network segmentation, configure network infrastructure, and monitor network glitches. It ships as part of a dedicated appliance.  

The 1.1 release of DNA Center arrived in January 2018, so it and all subsequent releases until Release 1.1.3 are vulnerable.

Cisco discovered the bug during internal testing and the company says isn’t aware of any public reports or attacks that exploit the vulnerability. 

The second DNA Center bug, CVE-2018-0271, is an authentication bypass in its API gateway. The software doesn’t normalize URLs prior to servicing request. It would also allow an “unauthenticated, remote attacker to pass authentication and access critical services”, resulting in elevated privileges in DNA Center. 

This vulnerability affects Cisco DNA Center Software Releases prior to 1.1.2. Cisco isn’t aware of any public exploits for this flaw which was found during internal testing. 

A successful attack on the third issue affecting DNA Center could result in a “complete compromise” of affected Kubernetes containers within DNA Center. This vulnerability affects 1.1.3 and prior but is fixed in release 1.1.4 and later.   

“This vulnerability is due to an insecure default configuration of the Kubernetes container management subsystem within DNA Center. An attacker who has the ability to access the Kubernetes service port could execute commands with elevated privileges within provisioned containers. A successful exploit could result in a complete compromise of affected containers,” Cisco notes in its advisory for CVE-2018-0268

Some customers may have unknowingly plugged the vulnerabilities revealed today which were fixed in releases Cisco made available several months ago. 

DNA Center release 1.1.5 for example landed on April 6 and release 1.1.4 arrived in March. Any customer that hasn't already moved to a fixed release should probably do so soon given the severity of the now acknowledged bugs and recent attacks on switches with internet-exposed Cisco Smart Install software, which Australia recently attributed to advanced Russian hackers.  

Cisco also released 13 fixes for four high severity issues and nine medium severity ones.  

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
CSO WANTED
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags ciscoSDNvirtualized networks

More about AustraliaCiscoSmart

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Liam Tung

Latest Videos

More videos

Blog Posts

Market Place