Cisco is warning of severe critical and high-severity flaws in the Data Center Network Manager (DCNM) for organizing and managing network platforms and switches. The flaw could allow an unauthenticated, remote attacker to bypass authentication on various vulnerable devices.
DCNM, a platform for managing Cisco data centers running on Cisco’s NX-OS — the network operating system leveraged by Cisco’s MDS-series Fiber Channel storage area network switches and Nexus-series Ethernet switches. The flaws lie in the REST API of DCNM — and the most grave of these could allow an unauthenticated, remote attacker to bypass severe authentication, and ultimately execute arbitrary actions having administrative privileges on a vulnerable device.
The (CVE-2020-3382) critical flaw found during internal security testing, rating 9.8 out of 10 on the CVSS scale, making it critically severe. While the flaw is extremely serious, the Cisco Product Security Incident Response Team confirmed it is not aware of public announcements or malicious exploits of the vulnerability.