New Highly-Critical Cisco Nexus Security Flaws - Require Urgent Update (Jun 27, 2019)
Admins using Cisco's automation software or Nexus kit are being urged by Cisco to patch core network-management software. The two security bugs are considered highly critical, and affect Cisco’s Data Center Network Manager (DCNM) software in its web-based management interface. The first flaw, “CVE-2019-1619,” is an authentication bypass that allows an attacker to take a valid session cookie without knowing the admin user password. The second vulnerability, “CVE-2019-1620,” would allow anyone on the internet to upload malicious files on the DCNM filesystem on affected devices. According to Cisco, the vulnerability is due to incorrect permission settings, which could be exploited to gain root privileges on the affected device.
Recommendation: Cisco has released a patch for both CVE-2019-1619 and 1620. Your company should be on the lookout for the necessary security patches and apply them as soon as possible. Additionally, measures should be in place to monitor your company’s traffic for any potential malicious activity.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.