Skip to main content

Cisco Data Center Manager Software Users Should Patch Immediately

By August 11, 2020May 5th, 2022Technology News

Do you use Cisco’s Data Center Manager Software? If so, be advised that the company recently issued an advisory concerning a serious security flaw.

The advisory reads, in part, as follows:

“The vulnerability exists because different installations share a static encryption key. An attacker could exploit this vulnerability by using the static key to craft a valid session token. A successful exploit could allow the attacker to perform arbitrary actions through the REST API with administrative privileges.

A successful exploit could allow the attacker to gain privileges beyond what would normally be authorized for their configured user authorization level. The attacker may be able to access sensitive information, modify the system configuration, or impact the availability of the affected system.”

The bug is being tracked as CVE-2020-3382. The essence of the issue is that an attacker can use the static key to generate a valid session token on an affected device and make use of the REST API with administrative privileges. This would allow them to do pretty much anything they please.

There are no known workarounds for the issue, and it affects DCNM versions 11.0, 11.1, 11.2, and 11.3. If you’re currently running any of those, you’ll want to update to the latest version right away. This one has a severity rating of 9.8 out of a possible 10.

The company was quick to point out that there have been no known instances of hackers actually making use of this exploit yet. However, given its severity and the fact that there are no workarounds for it, your best bet is to update your software as soon as possible.

Be sure your IT staff is aware, and make sure they make updating a high priority. This one’s serious enough to warrant immediate attention.

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over the past 20 years. He believes that having a great work environment and supportive team, is the ultimate key to success. Since being in the IT realm for over 25 years, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor Degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMWare VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.