-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0246
        Cisco Data Center Network Manager multiple vulnerabilities
                              21 January 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Cisco Data Center Network Manager
Publisher:         Cisco Systems
Operating System:  Cisco
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Modify Arbitrary Files          -- Existing Account            
                   Delete Arbitrary Files          -- Existing Account            
                   Cross-site Scripting            -- Remote with User Interaction
                   Access Confidential Data        -- Remote/Unauthenticated      
                   Reduced Security                -- Remote/Unauthenticated      
                   Unauthorised Access             -- Existing Account            
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-1286 CVE-2021-1283 CVE-2021-1277
                   CVE-2021-1276 CVE-2021-1272 CVE-2021-1270
                   CVE-2021-1269 CVE-2021-1255 CVE-2021-1253
                   CVE-2021-1250 CVE-2021-1249 CVE-2021-1248
                   CVE-2021-1247 CVE-2021-1135 CVE-2021-1133
                   CVE-2020-1276  

Reference:         ASB-2020.0107
                   ESB-2020.3874
                   ESB-2020.3402
                   ESB-2020.3063
                   ESB-2020.2532
                   ESB-2020.2009.3
                   ESB-2020.1899

Original Bulletin: 
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-authbypass-OHBPbxu
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-cert-check-BdZZV9T3
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-info-disc-QCSJB6YG
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-api-path-TpTApx2p
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-sql-inj-OAQOObP
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-ssrf-F2vX6q5p
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-xss-vulns-GuUJ39gh

Comment: This bulletin contains seven (7) Cisco Systems security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

Cisco Data Center Network Manager Authorization Bypass Vulnerabilities

Priority:        Medium
Advisory ID:     cisco-sa-dcnm-authbypass-OHBPbxu
First Published: 2021 January 20 16:00 GMT
Version 1.0:     Final
Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvu57868 CSCvv87627
CVE Names:       CVE-2021-1269 CVE-2021-1270

Summary

  o Multiple vulnerabilities in the web-based management interface of Cisco
    Data Center Network Manager (DCNM) could allow an authenticated, remote
    attacker to view, modify, and delete data without proper authorization.

    For more information about these vulnerabilities, see the Details section
    of this advisory.

    Cisco has released software updates that address these vulnerabilities.
    There are no workarounds that address these vulnerabilities.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-authbypass-OHBPbxu

Affected Products

  o Vulnerable Products

    At the time of publication, these vulnerabilities affected Cisco DCNM
    releases earlier than Release 11.5(1).

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by these vulnerabilities.

Details

  o The vulnerabilities are not dependent on one another; exploitation of one
    of the vulnerabilities is not required to exploit the other vulnerability.
    In addition, a software release that is affected by one of the
    vulnerabilities may not be affected by the other vulnerability.

    Details about the vulnerabilities are as follows:

    CVE-2021-1270: Cisco DCNM Authorization Bypass Vulnerability

    A vulnerability in the web-based management interface of Cisco DCNM could
    allow an authenticated, remote attacker to modify the configuration without
    proper authorization.

    This vulnerability is due to a failure to limit access to resources that
    are intended for users with Administrator privileges. An attacker could
    exploit this vulnerability by sending a crafted HTTP request to an affected
    device. A successful exploit could allow a low-privileged attacker to edit
    the configuration. To exploit this vulnerability, an attacker would need
    valid nonadministrative credentials.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    Bug ID(s): CSCvv87627
    CVE-ID: CVE-2021-1270
    Security Impact Rating (SIR): Medium
    CVSS Base Score: 7.1
    CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

    CVE-2021-1269: Cisco DCNM Authorization Bypass Vulnerability

    A vulnerability in the web-based management interface of Cisco DCNM could
    allow an authenticated, remote attacker to bypass authorization on an
    affected device and access sensitive information that is related to the
    device.

    This vulnerability is due to a failure to limit access to resources that
    are intended for users with Administrator privileges. An attacker could
    exploit this vulnerability by sending a crafted HTTP request to an affected
    device. A successful exploit could allow a low-privileged attacker to list,
    view, create, edit, and delete specific system configurations in the same
    manner as a user with Administrator privileges.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    Bug ID(s): CSCvu57868
    CVE-ID: CVE-2021-1269
    Security Impact Rating (SIR): Medium
    CVSS Base Score: 6.3
    CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Workarounds

  o There are no workarounds that address these vulnerabilities.

Fixed Software

  o When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories page, to determine exposure and a complete
    upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Fixed Releases

    At the time of publication, Cisco DCNM releases 11.5(1) and later contained
    the fix for these vulnerabilities.

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerabilities that are
    described in this advisory.

Source

  o These vulnerabilities were found during internal security testing.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-authbypass-OHBPbxu

Revision History

  o +----------+---------------------------+----------+--------+--------------+
    | Version  |        Description        | Section  | Status |     Date     |
    +----------+---------------------------+----------+--------+--------------+
    | 1.0      | Initial public release.   | -        | Final  | 2021-JAN-20  |
    +----------+---------------------------+----------+--------+--------------+

- --------------------------------------------------------------------------------

Cisco Data Center Network Manager Certificate Validation Vulnerabilities

Priority:        High
Advisory ID:     cisco-sa-dcnm-cert-check-BdZZV9T3
First Published: 2021 January 20 16:00 GMT
Version 1.0:     Final
Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvv35346 CSCvv35348 CSCvv35354 CSCvv82441
CVE Names:       CVE-2021-1276 CVE-2021-1277
CWEs:            CWE-295

Summary

  o Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) could
    allow an attacker to spoof a trusted host or construct a man-in-the-middle
    attack to extract sensitive information or alter certain API requests.

    These vulnerabilities are due to insufficient certificate validation when
    establishing HTTPS requests with the affected device.

    For more information about these vulnerabilities, see the Details section
    of this advisory.

    Cisco has released software updates that address these vulnerabilities.
    There are no workarounds that address these vulnerabilities.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-cert-check-BdZZV9T3

Affected Products

  o Vulnerable Products

    These vulnerabilities affect Cisco Data Center Network Manager releases
    earlier than 11.5(1).

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by these vulnerabilities.

Details

  o The vulnerabilities are not dependent on one another; exploitation of one
    of the vulnerabilities is not required to exploit the other vulnerability.
    In addition, a software release that is affected by one of the
    vulnerabilities may not be affected by the other vulnerability.

    Details about the vulnerabilities are as follows:

    CVE-2021-1276: Cisco Data Center Network Manager Certificate Validation
    Vulnerability

    A vulnerability in the Device Manager application of Cisco DCNM could allow
    an unauthenticated, remote attacker to modify a specific API request that
    is used to verify a user's authentication token.

    This vulnerability is due to a lack of validation of the SSL certificate
    used when establishing a connection to the Device Manager application. An
    attacker could exploit this vulnerability by sending a crafted HTTP request
    to an affected device. A successful exploit could allow the attacker to
    alter a specific API request.

    Bug ID(s): CSCvv82441
    CVE ID: CVE-2021-1276
    Security Impact Rating (SIR): High
    CVSS Base Score: 7.5
    CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

    CVE-2021-1277: Cisco Data Center Network Manager Certificate Validation
    Vulnerability

    A vulnerability in Cisco DCNM could allow an unauthenticated, remote
    attacker to spoof a trusted host or construct a man-in-the-middle attack to
    extract sensitive information from the affected device.

    This vulnerability is due to a lack of certificate validation. An attacker
    could exploit this vulnerability by using a crafted X.509 certificate and
    could then intercept communications. A successful exploit could allow the
    attacker to view and alter potentially sensitive information that DCNM
    maintains about clients that are connected to the network.

    Bug ID(s): CSCvv35348, CSCvv35346, CSCvv35354
    CVE ID: CVE-2021-1277
    Security Impact Rating (SIR): Medium
    CVSS Base Score: 6.5
    CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

Workarounds

  o There are no workarounds that address these vulnerabilities.

Fixed Software

  o Cisco has released free software updates that address the vulnerabilities
    described in this advisory. Customers may only install and expect support
    for software versions and feature sets for which they have purchased a
    license. By installing, downloading, accessing, or otherwise using such
    software upgrades, customers agree to follow the terms of the Cisco
    software license:
    https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

    Additionally, customers may only download software for which they have a
    valid license, procured from Cisco directly, or through a Cisco authorized
    reseller or partner. In most cases this will be a maintenance upgrade to
    software that was previously purchased. Free security software updates do
    not entitle customers to a new software license, additional software
    feature sets, or major revision upgrades.

    When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories page, to determine exposure and a complete
    upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service
    contract and customers who make purchases through third-party vendors but
    are unsuccessful in obtaining fixed software through their point of sale
    should obtain upgrades by contacting the Cisco TAC:
    https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared
    to provide the URL of this advisory as evidence of entitlement to a free
    upgrade.

    Fixed Releases

    Cisco fixed these vulnerabilities in Cisco DCNM releases 11.5(1) and later.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerabilities that are
    described in this advisory.

Source

  o These vulnerabilities were found during internal security testing.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-cert-check-BdZZV9T3

Revision History

  o +----------+---------------------------+----------+--------+--------------+
    | Version  |        Description        | Section  | Status |     Date     |
    +----------+---------------------------+----------+--------+--------------+
    | 1.0      | Initial public release.   | -        | Final  | 2021-JAN-20  |
    +----------+---------------------------+----------+--------+--------------+



- --------------------------------------------------------------------------------

Cisco Data Center Network Manager Information Disclosure Vulnerability

Priority:        Medium
Advisory ID:     cisco-sa-dcnm-info-disc-QCSJB6YG
First Published: 2021 January 20 16:00 GMT
Version 1.0:     Final
Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvv07941 CSCvv07942 CSCvv07945 CSCvv07947
CVE Names:       CVE-2021-1283
CWEs:            CWE-789

Summary

  o A vulnerability in the logging subsystem of Cisco Data Center Network
    Manager (DCNM) could allow an authenticated, local attacker to view
    sensitive information in a system log file that should be restricted.

    The vulnerability exists because sensitive information is not properly
    masked before it is written to system log files. An attacker could exploit
    this vulnerability by authenticating to an affected device and inspecting a
    specific system log file. A successful exploit could allow the attacker to
    view sensitive information in the system log file. To exploit this
    vulnerability, the attacker would need to have valid user credentials.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-info-disc-QCSJB6YG

Affected Products

  o Vulnerable Products

    At the time of publication, this vulnerability affected Cisco DCNM releases
    earlier than Release 11.5(1).

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories page, to determine exposure and a complete
    upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Fixed Releases

    At the time of publication, Cisco DCNM releases 11.5(1) and later contained
    the fix for this vulnerability.

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o This vulnerability was found during internal security testing.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-info-disc-QCSJB6YG

Revision History

  o +----------+---------------------------+----------+--------+--------------+
    | Version  |        Description        | Section  | Status |     Date     |
    +----------+---------------------------+----------+--------+--------------+
    | 1.0      | Initial public release.   | -        | Final  | 2021-JAN-20  |
    +----------+---------------------------+----------+--------+--------------+



- --------------------------------------------------------------------------------

Cisco Data Center Network Manager REST API Vulnerabilities

Priority:        Medium
Advisory ID:     cisco-sa-dcnm-api-path-TpTApx2p
First Published: 2021 January 20 16:00 GMT
Version 1.0:     Final
Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvt82606 CSCvu28383 CSCvu28385
CVE Names:       CVE-2021-1133 CVE-2021-1135 CVE-2021-1255
CWEs:            CWE-184 CWE-20 CWE-807

CVSS Score:
6.5  AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:X/RL:X/RC:X

Summary

  o Multiple vulnerabilities in the REST API endpoint of Cisco Data Center
    Network Manager (DCNM) could allow an authenticated, remote attacker to
    view, modify, and delete data without proper authorization.

    For more information about these vulnerabilities, see the Details section
    of this advisory.

    Cisco has released software updates that address these vulnerabilities.
    There are no workarounds that address these vulnerabilities.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-api-path-TpTApx2p

Affected Products

  o Vulnerable Products

    At the time of publication, these vulnerabilities affected Cisco DCNM
    releases earlier than Release 11.4(1).

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

Details

  o The vulnerabilities are not dependent on one another. Exploitation of one
    of the vulnerabilities is not required to exploit the other
    vulnerabilities. In addition, a software release that is affected by one of
    the vulnerabilities may not be affected by the other vulnerabilities.

    Details about the vulnerabilities are as follows.

    CVE-2021-1133: Cisco Data Center Network Manager Path Traversal
    Vulnerability

    A vulnerability in the REST API of Cisco Data Center Network Manager (DCNM)
    could allow an authenticated, remote attacker with a low-privilege account
    to conduct a path traversal attack on an affected device.

    The vulnerability is due to insufficient validation of user-supplied input
    to the API. An attacker could exploit this vulnerability by sending a
    crafted request to the API. A successful exploit could allow the attacker
    to delete arbitrary files on the file system.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    Bug ID(s): CSCvt82606
    CVE-ID: CVE-2021-1133
    Security Impact Rating (SIR): Medium
    CVSS Base Score: 6.5
    CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

    CVE-2021-1255: Cisco Data Center Network Manager Path Traversal
    Vulnerability

    A vulnerability in a certain REST API endpoint of Cisco Data Center Network
    Manager (DCNM) could allow an authenticated, remote attacker to perform a
    path traversal attack on an affected device.

    The vulnerability is due to insufficient path restriction enforcement. An
    attacker could exploit this vulnerability by sending crafted HTTP requests
    to an affected device. A successful exploit could allow the attacker to
    overwrite or list arbitrary files on the affected device.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    Bug ID(s): CSCvu28383
    CVE-ID: CVE-2021-1255
    Security Impact Rating (SIR): Medium
    CVSS Base Score: 4.6
    CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

    CVE-2021-1135: Cisco DCNM Software Configuration Bypass Vulnerability

    A vulnerability in a certain REST API endpoint of Cisco Data Center Network
    Manager could allow an authenticated, remote attacker to bypass security
    controls and modify default server configuration settings on the affected
    device.

    The vulnerability is due to an incorrect comparison in a denylist
    implementation. An attacker could exploit this vulnerability by sending
    specially crafted network traffic to the affected software. A successful
    exploit could allow the attacker to modify server configuration settings on
    the affected device.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    Bug ID(s): CSCvu28385
    CVE-ID: CVE-2021-1135
    Security Impact Rating (SIR): Medium
    CVSS Base Score: 4.3
    CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Workarounds

  o There are no workarounds that address these vulnerabilities.

Fixed Software

  o When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories page, to determine exposure and a complete
    upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Fixed Releases

    At the time of publication, Cisco DCNM releases 11.4(1) and later contained
    the fix for these vulnerabilities.

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerabilities that are
    described in this advisory.

Source

  o These vulnerabilities were found during internal security testing.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-api-path-TpTApx2p

Revision History

  o +----------+---------------------------+----------+--------+--------------+
    | Version  |        Description        | Section  | Status |     Date     |
    +----------+---------------------------+----------+--------+--------------+
    | 1.0      | Initial public release.   | -        | Final  | 2021-JAN-20  |
    +----------+---------------------------+----------+--------+--------------+



- --------------------------------------------------------------------------------

Cisco Data Center Network Manager SQL Injection Vulnerabilities

Priority:        High
Advisory ID:     cisco-sa-dcnm-sql-inj-OAQOObP
First Published: 2021 January 20 16:00 GMT
Version 1.0:     Final
Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvv82432 CSCvv82433
CVE Names:       CVE-2021-1247 CVE-2021-1248
CWEs:            CWE-89

Summary

  o Multiple vulnerabilities in certain REST API endpoints of Cisco Data Center
    Network Manager (DCNM) could allow an authenticated, remote attacker to
    execute arbitrary SQL commands on an affected device.

    For more information about these vulnerabilities, see the Details section
    of this advisory.

    Cisco has released software updates that address these vulnerabilities.
    There are no workarounds that address these vulnerabilities.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-sql-inj-OAQOObP

Affected Products

  o Vulnerable Products

    These vulnerabilities affect Cisco DCNM releases earlier than Release
    11.5(1).

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by these vulnerabilities.

Details

  o The vulnerabilities are not dependent on one another. Exploitation of one
    of the vulnerabilities is not required to exploit the other vulnerability.
    In addition, a software release that is affected by one of the
    vulnerabilities may not be affected by the other vulnerability.

    Details about the vulnerabilities are as follows.

    CVE-2021-1247: Cisco DCNM SQL Injection Vulnerability

    A vulnerability in a REST API endpoint of Cisco DCNM could allow an
    authenticated, remote attacker with lower-level privileges to execute
    arbitrary SQL commands on an affected device.

    This vulnerability is due to insufficient validation of user-supplied input
    to the API. An attacker with lower-level privileges, such as
    network-operator, could exploit this vulnerability by sending a crafted
    request to the API. A successful exploit could allow the attacker to view
    information that they are not authorized to view, make changes to the
    system that they are not authorized to make, or execute commands within the
    underlying operating system that may affect the availability of the device.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    Bug ID(s): CSCvv82432
    CVE ID: CVE-2021-1247
    Security Impact Rating (SIR): High
    CVSS Base Score: 8.8
    CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    CVE-2021-1248: Cisco DCNM SQL Injection Vulnerability

    A vulnerability in a REST API endpoint of Cisco DCNM could allow an
    authenticated, remote attacker with administrative privileges to execute
    arbitrary SQL commands on an affected device.

    This vulnerability is due to insufficient validation of user-supplied input
    to the API. An attacker with administrative privileges could exploit this
    vulnerability by sending a crafted request to the API. A successful exploit
    could allow the attacker to view information that they are not authorized
    to view, make changes to the system that they are not authorized to make,
    or execute commands within the underlying operating system that may affect
    the availability of the device.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    Bug ID(s): CSCvv82433
    CVE ID: CVE-2021-1248
    Security Impact Rating (SIR): High
    CVSS Base Score: 7.2
    CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Workarounds

  o There are no workarounds that address these vulnerabilities.

Fixed Software

  o Cisco has released free software updates that address the vulnerabilities
    described in this advisory. Customers may only install and expect support
    for software versions and feature sets for which they have purchased a
    license. By installing, downloading, accessing, or otherwise using such
    software upgrades, customers agree to follow the terms of the Cisco
    software license:
    https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

    Additionally, customers may only download software for which they have a
    valid license, procured from Cisco directly, or through a Cisco authorized
    reseller or partner. In most cases this will be a maintenance upgrade to
    software that was previously purchased. Free security software updates do
    not entitle customers to a new software license, additional software
    feature sets, or major revision upgrades.

    When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories page, to determine exposure and a complete
    upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service
    contract and customers who make purchases through third-party vendors but
    are unsuccessful in obtaining fixed software through their point of sale
    should obtain upgrades by contacting the Cisco TAC:
    https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared
    to provide the URL of this advisory as evidence of entitlement to a free
    upgrade.

    Fixed Releases

    Cisco fixed these vulnerabilities in Cisco DCNM releases 11.5(1) and later.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerabilities that are
    described in this advisory.

Source

  o These vulnerabilities were found during internal security testing.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-sql-inj-OAQOObP

Revision History

  o +----------+---------------------------+----------+--------+--------------+
    | Version  |        Description        | Section  | Status |     Date     |
    +----------+---------------------------+----------+--------+--------------+
    | 1.0      | Initial public release.   | -        | Final  | 2021-JAN-20  |
    +----------+---------------------------+----------+--------+--------------+



- --------------------------------------------------------------------------------

Cisco Data Center Network Manager Server-Side Request Forgery Vulnerability

Priority:        High
Advisory ID:     cisco-sa-dcnm-ssrf-F2vX6q5p
First Published: 2021 January 20 16:00 GMT
Version 1.0:     Final
Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvv82444
CVE Names:       CVE-2021-1272
CWEs:            CWE-918

Summary

  o A vulnerability in the session validation feature of Cisco Data Center
    Network Manager (DCNM) could allow an unauthenticated, remote attacker to
    bypass access controls and conduct a server-side request forgery (SSRF)
    attack on a targeted system.

    This vulnerability is due to insufficient validation of parameters in a
    specific HTTP request by an attacker. An attacker could exploit this
    vulnerability by sending a crafted HTTP request to an authenticated user of
    the DCNM web application. A successful exploit could allow the attacker to
    bypass access controls and gain unauthorized access to the Device Manager
    application, which provides access to network devices managed by the
    system.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-ssrf-F2vX6q5p

Affected Products

  o Vulnerable Products

    This vulnerability affects Cisco DCNM Software if it is running a release
    earlier than 11.5(1).

    This vulnerability affects DCNM-Storage Area Network (SAN) deployments,
    including the following:

       Open Virtual Appliance (OVA) deployments
       Windows DCNM-SAN installations
       Linux DCNM-SAN installations

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o Cisco has released free software updates that address the vulnerability
    described in this advisory. Customers may only install and expect support
    for software versions and feature sets for which they have purchased a
    license. By installing, downloading, accessing, or otherwise using such
    software upgrades, customers agree to follow the terms of the Cisco
    software license:
    https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

    Additionally, customers may only download software for which they have a
    valid license, procured from Cisco directly, or through a Cisco authorized
    reseller or partner. In most cases this will be a maintenance upgrade to
    software that was previously purchased. Free security software updates do
    not entitle customers to a new software license, additional software
    feature sets, or major revision upgrades.

    When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories page, to determine exposure and a complete
    upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service
    contract and customers who make purchases through third-party vendors but
    are unsuccessful in obtaining fixed software through their point of sale
    should obtain upgrades by contacting the Cisco TAC:
    https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared
    to provide the URL of this advisory as evidence of entitlement to a free
    upgrade.

    Fixed Releases

    Cisco fixed this vulnerability in Cisco DCNM software releases 11.5(1) and
    later.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o This vulnerability was found during internal security testing.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-ssrf-F2vX6q5p

Revision History

  o +----------+---------------------------+----------+--------+--------------+
    | Version  |        Description        | Section  | Status |     Date     |
    +----------+---------------------------+----------+--------+--------------+
    | 1.0      | Initial public release.   | -        | Final  | 2021-JAN-20  |
    +----------+---------------------------+----------+--------+--------------+



- --------------------------------------------------------------------------------

Cisco Data Center Network Manager Vulnerabilities

Priority:        Medium
Advisory ID:     cisco-sa-dcnm-xss-vulns-GuUJ39gh
First Published: 2021 January 20 16:00 GMT
Version 1.0:     Final
Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvu50101 CSCvu68933 CSCvv00638 CSCvv00642 CSCvv00643
                 CSCvv00644 CSCvv00645 CSCvv00646 CSCvv00654 CSCvv07930
                 CSCvv87589 CSCvv87602 CSCvv87608 CSCvv87614
CVE Names:       CVE-2021-1249 CVE-2021-1250 CVE-2021-1253 CVE-2021-1286
CWEs:            CWE-20 CWE-79

Summary

  o Multiple vulnerabilities in the web-based management interface of Cisco
    Data Center Network Manager (DCNM) could allow a remote attacker with
    network-operator privileges to conduct a cross-site scripting (XSS) attack
    or a reflected file download (RFD) attack against a user of the interface.

    For more information about these vulnerabilities, see the Details section
    of this advisory.

    Cisco has released software updates that address these vulnerabilities.
    There are no workarounds that address these vulnerabilities.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-xss-vulns-GuUJ39gh

Affected Products

  o Vulnerable Products

    At the time of publication, these vulnerabilities affected Cisco DCNM
    releases earlier than Release 11.5(1).

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by these vulnerabilities.

Details

  o The vulnerabilities are not dependent on one another. Exploitation of one
    of the vulnerabilities is not required to exploit the other vulnerability.
    In addition, a software release that is affected by one of the
    vulnerabilities may not be affected by the other vulnerability.

    Details about the vulnerabilities are as follows.

    CVE-2021-1249: Cisco DCNM Cross-Site Scripting Vulnerabilities

    Multiple vulnerabilities in the web-based management interface of Cisco
    DCNM could allow an authenticated, remote attacker to conduct an XSS attack
    against a user of the interface.

    These vulnerabilities are due to insufficient input validation by the
    web-based management interface. An attacker could exploit these
    vulnerabilities by inserting malicious data into a specific data field in
    the interface. A successful exploit could allow the attacker to execute
    arbitrary script code in the context of the affected interface or access
    sensitive, browser-based information.

    Cisco has released software updates that address these vulnerabilities.
    There are no workarounds that address these vulnerabilities.

    Bug ID(s): CSCvv00645, CSCvu50101, CSCvu49711, CSCvu68933
    CVE ID: CVE-2021-1249
    Security Impact Rating (SIR): Medium
    CVSS Base Score: 6.5
    CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

    CVE-2021-1286: Cisco DCNM Reflected File Download Vulnerabilities

    Multiple vulnerabilities in the web-based management interface of Cisco
    DCNM could allow an unauthenticated, remote attacker to conduct an RFD
    attack against a user of the interface of an affected device.

    These vulnerabilities are due to insufficient validation of user-supplied
    input by the web-based management interface. An attacker could exploit
    these vulnerabilities by persuading an authenticated user of the interface
    to click a link that submits malicious input to the interface. A successful
    exploit could allow the attacker to execute arbitrary script code on the
    affected device.

    Cisco has released software updates that address these vulnerabilities.
    There are no workarounds that address these vulnerabilities.

    Bug ID(s): CSCvv87608, CSCvv87589, CSCvv87602
    CVE ID: CVE-2021-1286
    Security Impact Rating (SIR): Medium
    CVSS Base Score: 6.1
    CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N

    CVE-2021-1250: Cisco DCNM Cross-Site Scripting Vulnerabilities

    Multiple vulnerabilities in the web-based management interface of Cisco
    DCNM could allow an authenticated, remote attacker to conduct an XSS attack
    against a user of the interface.

    These vulnerabilities are due to insufficient input validation by the
    web-based management interface. An attacker could exploit these
    vulnerabilities by inserting malicious data into a specific data field in
    the interface. A successful exploit could allow the attacker to execute
    arbitrary script code in the context of the affected interface or access
    sensitive, browser-based information.

    Cisco has released software updates that address these vulnerabilities.
    There are no workarounds that address these vulnerabilities.

    Bug ID(s): CSCvv00642, CSCvv87614, CSCvv00638, CSCvv00644, CSCvv00654,
    CSCvv00643
    CVE ID: CVE-2021-1250
    Security Impact Rating (SIR): Medium
    CVSS Base Score: 5.9
    CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
   
    CVE-2021-1253: Cisco DCNM Persistent Cross-Site Scripting Vulnerabilities

    Multiple vulnerabilities in the web-based management interface of Cisco
    DCNM could allow an authenticated, remote attacker to conduct an XSS attack
    against a user of the interface.

    These vulnerabilities are due to insufficient input validation by the
    web-based management interface. An attacker could exploit these
    vulnerabilities by inserting malicious data into a specific data field in
    the interface. A successful exploit could allow the attacker to execute
    arbitrary script code in the context of the affected interface or access
    sensitive, browser-based information.

    Cisco has released software updates that address these vulnerabilities.
    There are no workarounds that address these vulnerabilities.

    Bug ID(s): CSCvv07930, CSCvv00646
    CVE ID: CVE-2021-1253
    Security Impact Rating (SIR): Medium
    CVSS Base Score: 5.9
    CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Workarounds

  o There are no workarounds that address these vulnerabilities.

Fixed Software

  o When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories page, to determine exposure and a complete
    upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Fixed Releases

    At the time of publication, Cisco Data Center Network Manager releases
    11.5(1) and later contained the fix for these vulnerabilities.

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerabilities that are
    described in this advisory.

Source

  o These vulnerabilities were found during internal security testing.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-xss-vulns-GuUJ39gh

Revision History

  o +----------+---------------------------+----------+--------+--------------+
    | Version  |        Description        | Section  | Status |     Date     |
    +----------+---------------------------+----------+--------+--------------+
    | 1.0      | Initial public release.   | -        | Final  | 2021-JAN-20  |
    +----------+---------------------------+----------+--------+--------------+

- --------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----