Cisco fixes critical ‘DNA’ software flaws
IT giant Cisco this week released patches for three critical vulnerabilities in its enterprise networking software, two of which could allow an attacker to bypass authentication measures and access data deep inside the network.
The affected software, known as the Digital Network Architecture (DNA) Center, serves as a hub for configuring devices across an IT network, allowing administrators to track networking flaws. Each of the vulnerabilities is fixed in more recent versions of the software.
One of the vulnerabilities stems from an insecure configuration of a DNA Center management system, Cisco said in an advisory. An attacker with the ability to access the management system’s service port “could execute commands with elevated privileges within provisioned containers,” the company said, potentially resulting in the complete compromise of a container.
The San Jose, California-based company said it found two of the three software bugs in internal testing (the third was discovered in coordination with a customer), and that it isn’t aware of malicious exploitation of any of the bugs.
Hackers have had their sights on Cisco gear in recent months. In a separate episode, the corporation’s threat intelligence team recently revealed that attackers had hit its switches in multiple countries. According to Cisco, some of those attacks were “believed to be associated with nation-state actors, such as those described” in a recent Department of Homeland Security report that blamed Russian government hackers for targeting multiple U.S. industries.
Cisco on Thursday joined the “Charter of Trust,” a compact of corporate titans including Siemens and IBM that is calling for improvements in the cybersecurity of infrastructure.