Recently, Cisco released 16 advisories that included 3 alerts on vulnerabilities with a critical rating. Though Cisco is a worldwide leader in IT and networking, even its software is susceptible to hacking. The liabilities include two bypasses of the authentication system and a backdoor account for Cisco Digital Network Architecture (DNA) Center.
Aimed at the company’s clients, the Cisco DNA Center is a piece of complex software providing a central system for designing and positioning device configurations over a large network. The flaws came to light on account of a recent internal audit done.
a. CVE-2018-0222: This flaw is the easiest to take advantage of. It is a backdoor account to the system which Cisco describes as an "undocumented, static user credentials for the default administrative account". According to the company, it grants the hacker core privileges on the targeted systems. Users are advised to disable the account as soon as possible by applying software patches as there are no other ways of disabling it until updates are installed.
b. CVE-2018-0268: This is the second Achilles' heel and basically an authentication bypass. The Cisco’s DNA Center has a Kubernetes container management system embedded inside it. Someone who is capable of accessing the Kubernetes’ service port can execute commands with superior privileges within provisioned containers, according to a Cisco spokesperson. “The affected containers can be compromised if the bypass is successful.” There are no other methods to deflect this flaw and it’s up to the users to protect themselves by updating their DNA Center.
c. CVE-2018-0271: This is an authentication bypass flaw in Cisco’s DNA Center’s API getaway. This occurs if the URLs are not normalized before the servicing requests. This weakness can be exploited by submitting a fake URL designed to capitalize on the situation. If the hacker attains success, there can be unauthorized access to critical services.
Although Cisco has resolved all three vulnerabilities, it doesn’t ensure that there won’t be similar weaknesses in the future. This is because the company follows the process of hardcoding passwords where the passwords are embedded into the source code, rendering the system vulnerable and susceptible to attacks.
