Cisco software update blocks exploit chain in network management software
John Leyden April 04, 2022 at 13:39 UTC
Updated: April 04, 2022 13:41 UTC
Patches released for Nexus Dashboard Fabric Controller vulnerabilities
A security researcher was able to achieve unauthenticated remote code execution on Cisco Nexus Dashboard Fabric Controller by exploiting an outdated Java library with known vulnerabilities.
Researcher Pedro Ribeiro built a damaging exploit against the enterprise-grade network and storage management technology by chaining together a combination of vulnerabilities in the system.
The exploit chain allowed Ribeiro to escalate a web flaw into a root shell, or full compromise.
Ribeiro told The daily sip: “The first bug is a Java deserialization vulnerability in an old library. Then I abuse another old Java library deserialization gimmick to get code running as a non-private user and finally a misconfigured sudo to do a privilege escalation to root.”
The security researcher reported the issue to Cisco through Trend Micro’s Zero Day Initiative about six months ago. Cisco was a bit slow to respond, but released a software update last month that fixed the issue Ribeiro discovered.
In response to a request from The daily sip, Cisco said the issue was resolved.
“On March 4, 2022, Cisco released a software update for Cisco Data Center Network Manager that includes a fix for the third-party software (TPS) vulnerability in Apache Flex BlazeDS identified as CVE-2017-5641.
“Cisco is tracking this vulnerability via its bug ID CSCvz62623 and is asking customers of this product to upgrade to software version 11.5(4).”
Cisco added: “Cisco would like to thank Pedro Ribeiro of Agile Information Security working with the Trend Micro Zero Day Initiative for reporting this vulnerability.”
The release of a Cisco Nexus Dashboard Fabric Controller update paved the way for Ribeiro to go public with vulnerability details and proof-of-concept exploit code in a technical blog post, published on GitHub last week.
The same technology was previously known as Cisco Data Center Network Manager (DCNM). Under that earlier name, Ribeiro found another, similar critical remote code execution vulnerability three years ago.
Ribeiro isn’t impressed with how Cisco handled his latest report.
“Cisco being Cisco as always,” said the researcher. “They only have this bug ID behind a wall of record. There is no mention of the bug in their global security center database [and] six months to repair is indeed a long time.”