Author: Melodie Foster

Date: 26th January 2021

 

The vulnerability in the Cisco Digital Network Architecture (DNA) Centre was found to be a cross-site request forgery bug that could leave a company vulnerable to a remote attack and takeover.

Cisco DNA is used to align campus, branch, WAN and remote-worker elements of enterprise networks. The DNA Centre allows administrators to configure all network devices and uses artificial intelligence and machine learning to monitor and troubleshoot networks. Since the DNA Centre allows for total visibility into an organisation’s network, the bug was given a CVSS score of 7.1 out of 10, meaning it is of high severity.

Cisco posted an advisory which stated that the bug could allow for an unauthenticated, remote attacker to “conduct an attack to manipulate an authenticated user into executing malicious actions without their awareness or consent.”

The vulnerability could be exploited by a phishing email, whereby if a user were to click on the link then the attacker would be able to use the privileges of the authenticated user to perform arbitrary actions on the device.

Vulnerable versions of Cisco DNA Centre include versions before 2.1.1.0 and a patch was released yesterday to fix the issue. [1]

[1] https://threatpost.com/cisco-dna-center-bug-remote-attack/163302/

 

Other resources

Cyberfort Colocation Services

Cyberfort has invested heavily in secure infrastructure, making us the perfect colocation service provider to host your mission-critical, sensitive and regulated data.
Find out more >

What can Cyberfort do for you?

Check out our factsheets for detailed information on the matrix of cybersecurity products and services we offer to protect your business.
Find out more >

Cyberfort Deep Dives

Cyberfort’s cybersecurity consultants explore issues in cyber threat intelligence, incident planning and data security. Read our whitepapers to help make decisions that benefit your business.
Find out more >