Cisco fixes critical ‘DNA’ software flaws

IT giant Cisco this week released patches for three critical vulnerabilities in its enterprise networking software, two of which could allow an attacker to bypass authentication measures and access data deep within the network.

The affected software, known as the Digital Network Architecture (DNA) Center, serves as a hub for configuring devices across an IT network, allowing administrators to track networking flaws. Each of the vulnerabilities is fixed in more recent versions of the software.

One of the vulnerabilities stems from an insecure configuration of a DNA Center management system, Cisco said in an advisory. An attacker with the ability to access the management system’s service port “could execute commands with elevated privileges within provisioned containers,” the company said, potentially resulting in the complete compromise of a container.

The San Jose, California-based company said it found two of the three software bugs in internal testing (the third was discovered in coordination with a customer), and that it isn’t aware of malicious exploitation of any of the bugs.

Hackers have had their sights on Cisco gear in recent months. In a separate episode, the corporation’s threat intelligence team recently revealed that attackers had hit its switches in multiple countries. According to Cisco, some of those attacks were “believed to be associated with nation-state actors, such as those described” in a recent Department of Homeland Security report that blamed Russian government hackers for targeting multiple U.S. industries.

Cisco on Thursday joined the “Charter of Trust,” a compact of corporate titans including Siemens and IBM that is calling for improvements in the cybersecurity of infrastructure.

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.
