The giant Cisco has rolled out software updates to address multiple critical vulnerabilities impacting Cisco SD-WAN vManage Software that could allow an attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application.
Affected Products
These vulnerabilities only affect the Cisco devices which are running a vulnerable release of Cisco SD-WAN vManage Software.
Products Confirmed Not Vulnerable
Cisco has confirmed that these vulnerabilities do not affect the following Cisco products:
- IOS XE SD-WAN Software
- SD-WAN cEdge Routers
- SD-WAN vBond Orchestrator Software
- SD-WAN vEdge Routers
- SD-WAN vSmart Controller Software
The good thing about these vulnerabilities is that they are independent of each other. Exploitation of one of the vulnerabilities is not required to exploit another vulnerability. In addition, a software release that is affected by one of the vulnerabilities may not be affected by the other vulnerabilities.
Vulnerabilities Information:
CVE-2021-1468: Cisco SD-WAN vManage Cluster-Mode Unauthorized Message Processing Vulnerability
A vulnerability in a messaging service of Cisco SD-WAN vManage Software when operating in cluster mode could allow an unauthenticated, remote attacker to send unauthorized messages to the vulnerable application.
This is because of improper authentication checks on user-supplied input to an application messaging service. An attacker could exploit this vulnerability by submitting crafted input to the service. A successful exploit could allow the attacker to call privileged actions within the affected system, including creating new administrative-level user accounts.
CVE ID: CVE-2021-1468
Security Impact Rating (SIR): Critical
CVE-2021-1505: Cisco SD-WAN vManage Cluster Mode Privilege Escalation Vulnerability
This vulnerability is caused because of the affected software not performing authorization checks on certain operations. An attacker could exploit this vulnerability by sending crafted requests to the affected system.
CVE ID: CVE-2021-1505
Security Impact Rating (SIR): Critical
CVE-2021-1508: Cisco SD-WAN vManage Cluster Mode Unauthorized Access Vulnerability
This is caused when the affected software does not perform authorization checks on certain operations.
CVE ID: CVE-2021-1508
Security Impact Rating (SIR): High
 CVE-2021-1275: Cisco SD-WAN vManage Denial of Service Vulnerability
This is due to insufficient handling of API requests to the affected system. An attacker could exploit this vulnerability by sending a large amount of API requests to the affected system. A successful exploit could allow the attacker to cause a DoS condition on the affected system.
CVE ID: CVE-2021-1275
Security Impact Rating (SIR): High
CVE-2021-1506: Cisco SD-WAN vManage Cluster-Mode Unauthorized Services Access Vulnerability
This vulnerability is cause because the affected software does not perform authorization checks on service access. An attacker could exploit this vulnerability by sending crafted requests to the affected system. A successful exploit could allow the attacker to bypass authorization checks and gain unauthorized access to services within the affected system.
CVE ID: CVE-2021-1506
Security Impact Rating (SIR): High
Conclusion:
Customers are advised to upgrade to an appropriate fixed software release as soon as possible saving the infrastructure for any of these exploitations.
Also Read
Hundreds of Millions of Dell Systems at Risks Due to Driver Flaws