APIC Vulnerability in CISCO`s SDN Controller Allows Unauthenticated Remote Root Access

A vulnerability found in CISCO’s SDN controller could enable an attacker to exploit an improper implementation of access controls in the APIC file system and remotely access the APIC as a root user.

The SDN (software defined-network) controller is a collection of modules that manages data flow between servers and routers/switches to enable intelligent networking. Attackers exploiting this vulnerability will gain access to all commands and files on the controller to start modifying the system.

“A vulnerability in the cluster management configuration of the Cisco Application Policy Infrastructure Controller (APIC) and the Cisco Nexus 9000 Series ACI Mode Switch could allow an authenticated, remote attacker to access the APIC as the root user,” reads the CISCO advisory. “The vulnerability is due to improper implementation of access controls in the APIC filesystem.”

Since there are no known workarounds for the vulnerability, CISCO has already issued a patch that fixes the flaw, and it strongly encourages everyone to download and install it. The products known to be affected by the vulnerability are APIC controllers running software versions prior to 1.1(1j), 1.0(3o) and 1.0(4o), and Cisco Nexus 9000 Series ACI Mode Switches running software versions prior to Release 11.1(1j) and 11.0(4o).

Although CISCO knows of no in-the-wild exploitation of this vulnerability, an attack using on this vulnerability could be reported any time.

“The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory,” reads the advisory. “This vulnerability was reported to Cisco during an internal security evaluation.”

Businesses relying on CISCO’s SDN controllers to manage a network’s topography should immediately apply the latest patches to avoid breaches using this vulnerability.