Source: blog.shiftleft.io
Hunting 0-days in Cisco DCNM with ShiftLeft OcularCategory: shell
ince the CVEs are now public, it’s time to show how ShiftLeft Ocular was used to discover 3 zero-day vulnerabilities in Cisco DCNM in a matter of hours while sipping some coffee and ranting about the incessant rains in Berlin. The adventure began when our security team came across this blog by Source Incite that showcased their process of discovering some security bugs in Cisco Data Center Network Manager (DCNM).
To achieve this, we crafted some queries that mark all the incoming calls to methods with isValid* in their name as sinks and see if there are incoming flows to it.
For this we just used Ocular to print the code expressions of the method and manually verify what the validity function is doing.
The last remaining XSS vulnerability was also discovered with a similar mix of automated and manual analysis to confirm the data-flow, so we can skip this since more information about that is already in the Cisco disclosure.
To achieve this, we crafted some queries that mark all the incoming calls to methods with isValid* in their name as sinks and see if there are incoming flows to it.
For this we just used Ocular to print the code expressions of the method and manually verify what the validity function is doing.
The last remaining XSS vulnerability was also discovered with a similar mix of automated and manual analysis to confirm the data-flow, so we can skip this since more information about that is already in the Cisco disclosure.
Related Articles
Community Partners
DevOps Careers