ESB-2017.3045 - [Cisco] Cisco Data Center Network Manager (DCNM): Multiple vulnerabilities 2017-11-30


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.3045
                          cisco-sa-20171129-dcnm
                             30 November 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Cisco Data Center Network Manager (DCNM)
Publisher:         Cisco Systems
Operating System:  Cisco
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Cross-site Scripting            -- Remote with User Interaction
                   Provide Misleading Information  -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-12347 CVE-2017-12346 CVE-2017-12345
                   CVE-2017-12344 CVE-2017-12343 

Original Bulletin: 
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-dcnm

- --------------------------BEGIN INCLUDED TEXT--------------------

Medium

Advisory ID: cisco-sa-20171129-dcnm
First Published: 2017 November 29 16:00 GMT
Version 1.0: Final
Workarounds: No workarounds available
Cisco Bug IDs:
CSCvf40477
CSCvf63150
CSCvf68218
CSCvf68235
CSCvf68247
CVE-2017-12343
CVE-2017-12344
CVE-2017-12345
CVE-2017-12346
CVE-2017-12347
CWE-113
CWE-20
CWE-79
CVSS Score:
 Base 6.1
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:X/RL:X/RC:X

 
 Summary
  
Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM)
Software could allow a remote attacker to inject arbitrary values into
DCNM configuration parameters, redirect a user to a malicious website,
inject malicious content into a DCNM client interface, or conduct a
cross-site scripting (XSS) attack against a user of the affected
software.
For more information about these vulnerabilities, see the Details
section of this security advisory.
There are no workarounds that address these vulnerabilities.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-dcnm

 Affected Products
 
 
 Vulnerable Products
 
 
These vulnerabilities affect all releases of Cisco Data Center Network
Manager (DCNM) Software prior to the first fixed release. For
information about affected software releases, consult the Cisco bug
IDs at the top of this advisory.

 Products Confirmed Not Vulnerable
 
 
No other Cisco products are currently known to be affected by these
vulnerabilities.

 Details
 
 
Five vulnerabilities in Cisco Data Center Network Manager (DCNM)
Software could allow a remote attacker to inject arbitrary values into
DCNM configuration parameters, redirect a user to a malicious website,
inject malicious content into a DCNM client interface, or conduct a
cross-site scripting (XSS) attack against a user of the affected
software.
The vulnerabilities are not dependent on one another; exploitation of
one of the vulnerabilities is not required to exploit another
vulnerability. In addition, a software release that is affected by one
of the vulnerabilities may not be affected by the other
vulnerabilities.
Details about the vulnerabilities are as follows.

Cisco Data Center Network Manager Bypass Client-Side Validation Parameters Vulnerability

A vulnerability in the web-based management interface of Cisco DCNM
Software could allow an authenticated, remote attacker to inject
arbitrary values into DCNM configuration parameters for an affected
system, which could allow the attacker to execute arbitrary code on
the affected system.
The vulnerability is due to insufficient server-side validation of
user-supplied data in HTTP payloads that are sent to the affected
software. An attacker could exploit this vulnerability by bypassing
server-side protections and injecting arbitrary values into certain
configuration parameters for the affected software. A successful
exploit could allow the attacker to inject arbitrary values into DCNM
configuration parameters and execute arbitrary code on the affected
system.
The CVE ID for this vulnerability is: CVE-2017-12343
The Security Impact Rating (SIR) for this vulnerability is: Medium

Cisco Data Center Network Manager HTTP Header Injection Vulnerability

A vulnerability in the web interface of Cisco DCNM Software could
allow an unauthenticated, remote attacker to redirect a user of the
affected interface to a malicious, attacker-controlled website.
The vulnerability is due to insufficient input validation of values in
HTTP header parameters that are sent to the web interface of the
affected software. An attacker could exploit this vulnerability by
persuading a user to click a malicious link and injecting malicious
HTTP headers into HTTP messages that are sent to or from the affected
software. A successful exploit could allow the attacker to redirect a
user of the affected software to a malicious, attacker-controlled
website.
The CVE ID for this vulnerability is: CVE-2017-12344
The SIR for this vulnerability is: Medium
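
The HTTP header injection issue above (CVE-2017-12344, CWE-113) comes down to a user-supplied value reaching a response header without validation. The following is an added example, not code from Cisco, AusCERT or DCNM: a Python check that a redirect target contains no CR/LF and stays on the site before it is written to a Location header. The host name, default path and function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumed values for illustration only; not taken from DCNM.
ALLOWED_HOSTS = {"dcnm.example.internal"}
DEFAULT_TARGET = "/"


def has_header_breakers(value):
    """True if value holds CR, LF, NUL or any other control character that
    could end the current header line and start a new one (CWE-113)."""
    return any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in value)


def safe_redirect_target(user_value):
    """Return a value that is safe to write into a Location header."""
    if not user_value or has_header_breakers(user_value):
        return DEFAULT_TARGET
    # Browsers treat "\" like "/", so "/\host" can leave the site.
    if "\\" in user_value:
        return DEFAULT_TARGET
    try:
        parts = urlsplit(user_value)
        host = parts.hostname
    except ValueError:  # malformed authority, e.g. unbalanced IPv6 brackets
        return DEFAULT_TARGET
    if parts.scheme or parts.netloc:
        # Absolute or scheme-relative URL: only https to a known host.
        if parts.scheme == "https" and host in ALLOWED_HOSTS:
            return user_value
        return DEFAULT_TARGET
    # Relative reference: must be a site-local path with one leading slash.
    if user_value.startswith("/") and not user_value.startswith("//"):
        return user_value
    return DEFAULT_TARGET


def build_redirect_headers(user_value):
    """Headers for a 302 response; the target is validated first."""
    return [("Location", safe_redirect_target(user_value)),
            ("Cache-Control", "no-store")]


if __name__ == "__main__":
    # Constructed inputs, decoded as a web framework would hand them over.
    for sample in ["/reports/summary?x=1", "/ok\r\nX-Injected: 1",
                   "//other.example/x", "https://dcnm.example.internal/home"]:
        print(repr(sample), "->", safe_redirect_target(sample))
```

The check runs on the decoded parameter value, on the server, immediately before the header is emitted, so it does not depend on any client-side validation.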

Cisco Data Center Network Manager Content Spoofing Vulnerability

A vulnerability in the web interface of Cisco DCNM Software could
allow an unauthenticated, remote attacker to inject malicious content
into the content that is displayed by the affected interface.
The vulnerability is due to insufficient input validation of
user-supplied values in HTTP parameters that are sent to the web interface
of the affected software. An attacker could exploit this vulnerability
by injecting malicious HTTP parameter values into HTTP messages that
are sent to the affected software. A successful exploit could allow
the attacker to inject malicious content into the content that is
displayed by the web interface of the affected software, which could
allow the attacker to persuade a user to follow malicious instructions
or click a malicious link.
The CVE ID for this vulnerability is: CVE-2017-12345
The SIR for this vulnerability is: Medium

Cisco Data Center Network Manager Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco DCNM
Software could allow an unauthenticated, remote attacker to conduct a
stored XSS attack against a user of the affected interface, which
could allow the attacker to execute arbitrary script code or access
sensitive browser-based information.
The vulnerability is due to insufficient validation of user-supplied
input by the web-based management interface of the affected software.
An attacker could exploit this vulnerability by persuading a user of
the affected interface to click a malicious link. A successful exploit
could allow the attacker to execute arbitrary script code in the
context of the interface or allow the attacker to access sensitive
browser-based information on the user's system.
The CVE ID for this vulnerability is: CVE-2017-12346
The SIR for this vulnerability is: Medium

Cisco Data Center Network Manager Reflected Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco DCNM
Software could allow an unauthenticated, remote attacker to conduct a
reflected XSS attack against a user of the affected interface, which
could allow the attacker to execute arbitrary script code or access
sensitive browser-based information.
The vulnerability is due to insufficient validation of user-supplied
input by the web-based management interface of the affected software.
An attacker could exploit this vulnerability by persuading a user of
the affected interface to click a malicious link. A successful exploit
could allow the attacker to execute arbitrary script code in the
context of the interface or allow the attacker to access sensitive
browser-based information on the user's system.
The CVE ID for this vulnerability is: CVE-2017-12347
The SIR for this vulnerability is: Medium
 
Workarounds
 
 There are no workarounds that address these vulnerabilities.

 Fixed Software
 
 For information about fixed software releases, consult the Cisco bug
IDs at the top of this advisory.
When considering software upgrades, customers are advised to regularly
consult the advisories for Cisco products, which are available from
the Cisco Security Advisories and Alerts page, to determine exposure
and a complete upgrade solution.
In all cases, customers should ensure that the devices to be upgraded
contain sufficient memory and confirm that current hardware and
software configurations will continue to be supported properly by the
new release. If the information is not clear, customers are advised to
contact the Cisco Technical Assistance Center (TAC) or their
contracted maintenance providers.
 
Exploitation and Public Announcements
 
 The Cisco Product Security Incident Response Team (PSIRT) is not aware
of any public announcements or malicious use of the vulnerabilities
that are described in this advisory.
 
Source
 
 Cisco would like to thank Application Security Consultant
Indrajith.A.N for reporting these vulnerabilities.

 Cisco Security Vulnerability Policy
  
To learn about Cisco security vulnerability disclosure policies and
publications, see the Security Vulnerability Policy. This document
also contains instructions for obtaining fixed software and receiving
security vulnerability information from Cisco.

URL
  
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-dcnm
 
Revision History
Version	Description		Section	Status	Date
1.0	Initial public release.	—	Final	2017-November-29

Legal Disclaimer
 
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
A standalone copy or paraphrase of the text of this document that
omits the distribution URL is an uncontrolled copy and may lack
important information or contain factual errors. The information in
this document is intended for end users of Cisco products.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----
