Cisco DNA Center Bug Opens Enterprises to Remote Attack
A newly discovered flaw in the web-based management interface of Cisco DNA Center opens organizations up to cross-site request forgery (CSRF) attacks, which Cisco says can lead to remote attack and takeover. The high-severity vulnerability is tracked as CVE-2021-1257 and has a severity score of 7.1 on the CVSS scale. The management interface is a centralized network management platform used to conduct Cisco DNA services.
Cisco DNA is the company’s solution for aligning the campus, branch, WAN, and remote worker elements of enterprise networks. Its services include allowing administrators to provision and configure all network devices. The software also uses artificial intelligence and machine learning to search for threats, monitor networks, troubleshoot, and optimize. DNA also integrates with third-party systems to give administrators more flexibility in what they can use it for. Because the software has such deep reach and visibility into an organization’s network, the vulnerability is more dangerous.