Skip to main content

Cisco Data Center Manager Software Users Should Patch Immediately

By August 11, 2020May 18th, 2021Technology News

Do you use Cisco’s Data Center Manager Software? If so, be advised that the company recently issued an advisory concerning a serious security flaw.

The advisory reads, in part, as follows:

“The vulnerability exists because different installations share a static encryption key. An attacker could exploit this vulnerability by using the static key to craft a valid session token. A successful exploit could allow the attacker to perform arbitrary actions through the REST API with administrative privileges.

A successful exploit could allow the attacker to gain privileges beyond what would normally be authorized for their configured user authorization level. The attacker may be able to access sensitive information, modify the system configuration, or impact the availability of the affected system.”

The bug is being tracked as CVE-2020-3382. The essence of the issue is that an attacker can use the static key to generate a valid session token on an affected device and make use of the REST API with administrative privileges. This would allow them to do pretty much anything they please.

There are no known workarounds for the issue, and it affects DCNM versions 11.0, 11.1, 11.2, and 11.3. If you’re currently running any of those, you’ll want to update to the latest version right away. This one has a severity rating of 9.8 out of a possible 10.

The company was quick to point out that there have been no known instances of hackers actually making use of this exploit yet. However, given its severity and the fact that there are no workarounds for it, your best bet is to update your software as soon as possible.

Be sure your IT staff is aware, and make sure they make updating a high priority. This one’s serious enough to warrant immediate attention.

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He was a past member of the Entrepreneurs’ Organization, a current member of the New Jersey Power Partners and Executive Association of New Jersey, where he has previously served on its board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.