CIO

Cisco: patch your data center switch manager software now

  • Liam Tung (CSO Online)
  • 30 August, 2018 04:07

Cisco has released a patch to fix a high-severity security flaw affecting its Data Center Network Manager software for managing switches deployed in large data centers.

The networking company released the patch on Tuesday and notes there is a publicly available proof-of-concept exploit for the flaw, which could give remote attackers access to sensitive files. The attacker, however, would need valid credentials to pull off the hack, and Cisco hasn’t seen any attacks in the wild to date.

Cisco Data Center Network Manager (DCNM) software is used for managing Cisco switches and routers that connect devices on enterprise local area networks (LAN) and storage area networks (SAN). The software manages Cisco’s Nexus switches and its MDS enterprise SAN switches.

According to Cisco, all DCNM releases prior to 11.0(1), which it made available in July, are vulnerable to a directory or path traversal attack.

“The vulnerability is due to improper validation of user requests within the management interface,” Cisco explained.

“An attacker could exploit this vulnerability by sending malicious requests containing directory traversal character sequences within the management interface. An exploit could allow the attacker to view or create arbitrary files on the targeted system.”

Tenable, the security firm credited with reporting the bug, notes the flaw was in the Download Servlet component of Cisco’s web app. The bug could allow an authenticated, remote attacker to read any files and create directories of their own choice on targeted systems.   
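The kind of validation whose absence Cisco describes, as an added illustration that is not Cisco's or Tenable's code: a download handler resolves the requested name to a canonical path and refuses anything outside its base directory, applying the same check to reads and to directory creation. The function names and the temporary file layout are constructed for this example.

```python
import os
import tempfile
from pathlib import Path
from urllib.parse import unquote

class PathEscapeError(ValueError):
    """The requested name resolves outside the served directory."""

def naive_resolve(base, requested):
    # "Before" form: user input joined to the base with no validation,
    # so "../" sequences walk out of the download directory.
    return Path(os.path.normpath(os.path.join(base, requested)))

def safe_resolve(base, requested):
    # Decode once (as the web container would), treat backslashes as
    # separators, then canonicalise and require the result to stay in base.
    name = unquote(requested).replace("\\", "/")
    root = Path(base).resolve()
    candidate = (root / name).resolve()  # collapses ".." and follows symlinks
    try:
        candidate.relative_to(root)
    except ValueError:
        raise PathEscapeError(f"{requested!r} escapes {root}") from None
    return candidate

def safe_mkdir(base, requested):
    # Directory creation goes through the same containment check as reads.
    target = safe_resolve(base, requested)
    target.mkdir(parents=True, exist_ok=True)
    return target

def demo():
    # Constructed layout: <tmp>/downloads/report.txt and <tmp>/secret.txt
    tmp = Path(tempfile.mkdtemp()).resolve()
    base = tmp / "downloads"
    base.mkdir()
    (base / "report.txt").write_text("ok")
    (tmp / "secret.txt").write_text("sensitive")
    requests = ["report.txt", "../secret.txt", "%2e%2e%2fsecret.txt", "..\\secret.txt"]
    results = {"naive_escapes": naive_resolve(base, requests[1]) == tmp / "secret.txt"}
    for req in requests:
        try:
            results[req] = safe_resolve(base, req).name
        except PathEscapeError:
            results[req] = "REJECTED"
    return results, base, tmp

if __name__ == "__main__":
    print(demo()[0])
```

The check runs on the canonical path rather than on the raw string, so an absolute path or a symlink planted inside the download directory is refused in the same way as a `../` sequence.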

Cisco equipment and software have been in the spotlight after US-CERT warned that Russian hackers were targeting its Smart Install protocol. Cisco's Talos Intelligence team found nearly 170,000 systems were exposed to attackers via the Smart Install Client, a legacy tool for quickly deploying its switches.

Earlier this month Cisco warned admins to patch a flaw that could allow remote attackers to disable its security appliance until a reboot.