Cisco warns of data centre kit flaws

28 June 2019

Inside a data centre

US giant Cisco has issued two advisories for facilities managers regarding security issues identified in its data centre equipment.

The first concerns a critical flaw found in its digital network architecture (DNA) centre appliance, while the second (albeit less serious) affects the command-line interface of Cisco’s SD-WAN Solution.

Cisco, which issues patches when it uncovers flaws, said the vulnerability affects DNA centre software releases prior to 1.3.

“A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, adjacent attacker to bypass authentication and access critical internal services,” it said. “The vulnerability is due to insufficient access restriction to ports necessary for system operation. An attacker could exploit this vulnerability by connecting an unauthorised network device to the subnet designated for cluster services. A successful exploit could allow an attacker to reach internal services that are not hardened for external access.”

Meanwhile, the second flaw, a privilege escalation vulnerability, affects Cisco products running a release of the Cisco SD-WAN Solution prior to releases 18.3.6, 18.4.1 and 19.1.0.

“A vulnerability in the CLI of Cisco SD-WAN Solution could allow an authenticated, local attacker to elevate lower-level privileges to the root user on an affected device,” Cisco warned.