Do you use Cisco’s Data Center Manager Software? If so, be advised that the company recently issued an advisory concerning a serious security flaw.
The advisory reads, in part, as follows:
“The vulnerability exists because different installations share a static encryption key. An attacker could exploit this vulnerability by using the static key to craft a valid session token. A successful exploit could allow the attacker to perform arbitrary actions through the REST API with administrative privileges.
…A successful exploit could allow the attacker to gain privileges beyond what would normally be authorized for their configured user authorization level. The attacker may be able to access sensitive information, modify the system configuration, or impact the availability of the affected system.”
The bug is being tracked as CVE-2020-3382. The essence of the issue is that an attacker can use the static key to generate a valid session token on an affected device and make use of the REST API with administrative privileges. This would allow them to do pretty much anything they please.
There are no known workarounds for the issue, and it affects DCNM versions 11.0, 11.1, 11.2, and 11.3. If you’re currently running any of those, you’ll want to update to the latest version right away. This one has a severity rating of 9.8 out of a possible 10.
The company was quick to point out that there have been no known instances of hackers actually making use of this exploit yet. However, given its severity and the fact that there are no workarounds for it, your best bet is to update your software as soon as possible.
Be sure your IT staff is aware, and make sure they make updating a high priority. This one’s serious enough to warrant immediate attention.
