
Cisco DNA allowed unauthorized users access to enterprise networks for a long time

IT systems audit specialists reported a critical vulnerability in the Cisco Digital Network Architecture Center (DNA) that, if exploited, could allow an unauthenticated threat actor to access critical internal system services.

In fact, the company released 25 different updates for several of its products. Two of the patches fix critical vulnerabilities, seven address high-impact flaws, and the remaining flaws are of medium severity. The vulnerability that experts consider most severe, CVE-2019-1848, exists due to insufficient restriction on access to the ports required for the operation of Cisco DNA, a system used to manage and correct network errors. The vulnerability has received a score of 9.3/10 on the Common Vulnerability Scoring System (CVSS) scale.

IT systems audit experts say this vulnerability could be exploited by connecting an unauthorized device to the network. All Cisco DNA versions earlier than 1.3 are affected, so system administrators will need to upgrade to a secure version.

Cisco SD-WAN, the company’s cloud architecture, also had to be updated because it had severe security flaws. The most severe of these, tracked as CVE-2019-1625, is a privilege escalation vulnerability in the SD-WAN command-line interface. According to IT systems audit specialists, the vulnerability exists due to insufficient CLI authorization, so hackers could authenticate to a device to execute arbitrary commands and gain high privileges. The vulnerability impacts most Cisco solutions running an SD-WAN version earlier than 18.3.6, primarily routers for industrial environments.

Two other critical vulnerabilities were found in SD-WAN. CVE-2019-1624 allows hackers to inject arbitrary code with root user privileges. CVE-2019-1626, for its part, also exists in the SD-WAN web user interface and could allow a remote hacker to obtain elevated privileges on a compromised Cisco vManage device.

According to specialists from the International Institute of Cyber Security (IICS), there is no evidence of any in-the-wild exploitation attempt against these corrected vulnerabilities; however, administrators must update their systems as soon as possible.
