A researcher has publicly released some proof-of-concept (PoC) exploits and technical details for flaws in Cisco’s Data Center Network Manager (DCNM).

Early this month, Cisco released security updates for its Cisco’s Data Center Network Manager (DCNM) product that address several critical and high-severity vulnerabilities.

All the vulnerabilities were reported to Cisco through Trend Micro’s Zero Day Initiative (ZDI) and Accenture’s iDefense service by the security researcher Steven Seeley of Source Incite and Harrison Neal from PatchAdvisor.

Cisco published six advisories for a dozen vulnerabilities, eleven of them were reported by Seeley, three of these issues have been rated as critical and seven as high severity. The issues reported by Neal have been rated as medium severity.

Some of the critical flaws addressed by Cisco in DCNM could be exploited by attackers to bypass authentication and execute arbitrary actions with admin privileges on the vulnerable devices.

“Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device.” reads the advisory published by Cisco.

“For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.”

The vulnerabilities have been tracked as CVE-2019-15975, CVE-2019-15976 and CVE-2019-15977. The issues affect the REST API endpoint, the SOAP API endpoint and the web-based management interface.

Cisco also addressed two of the high-severity SQL injection flaws that could be exploited by an attacker with administrative privileges to execute arbitrary SQL commands on a vulnerable device.

Three of the high-severity weaknesses could be exploited by an attacker to conduct path traversals, and two other high-severity issues by exploited by an attacker with admin rights to inject arbitrary commands on the underlying operating system.

Seeley provided technical details for three remote code execution chains and various techniques implemented in his exploits.

“In this post, I share three (3) full exploitation chains and multiple primitives that can be used to compromise different installations and setups of the Cisco DCNM product to achieve unauthenticated remote code execution as SYSTEM/root. In the third chain, I (ab)use the java.lang.InheritableThreadLocal class to perform a shallow copy to gain access to a valid session.” wrote Seeley in a blog post.

Cisco has updated the advisories informing its customers of the availability of PoC exploits.

“The Cisco Product Security Incident Response Team (PSIRT) is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory.” states Cisco.

“Cisco PSIRT is not aware of any malicious use of the vulnerabilities that are described in this advisory. “

The information contained in this website is for general information purposes only. The information is gathered from SECURITY AFFAIRS, while we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk.  Through this website, you are able to link to other websites which are not under the control of CSIRT-CY. We have no control over the nature, content and availability of those sites. The inclusion of any links does not necessarily imply a recommendation or endorse the views expressed within them. Every effort is made to keep the website up and running smoothly. However, CSIRT-CY takes no responsibility for, and will not be liable for, the website being temporarily unavailable due to technical issues beyond our control.