Cisco SD-WAN Bug

Cisco has released software updates that address multiple critical vulnerabilities in Cisco SD-WAN vManage Software. The flaws could allow an attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application.

Affected Products

These vulnerabilities affect only Cisco devices that are running a vulnerable release of Cisco SD-WAN vManage Software.

Products Confirmed Not Vulnerable

Cisco has confirmed that these vulnerabilities do not affect the following Cisco products:

  • IOS XE SD-WAN Software
  • SD-WAN cEdge Routers
  • SD-WAN vBond Orchestrator Software
  • SD-WAN vEdge Routers
  • SD-WAN vSmart Controller Software

The vulnerabilities are independent of each other: exploiting one is not required to exploit another. In addition, a software release that is affected by one of the vulnerabilities may not be affected by the others.

Vulnerabilities Information:

CVE-2021-1468: Cisco SD-WAN vManage Cluster-Mode Unauthorized Message Processing Vulnerability

A vulnerability in a messaging service of Cisco SD-WAN vManage Software when operating in cluster mode could allow an unauthenticated, remote attacker to send unauthorized messages to the vulnerable application.

The vulnerability is due to improper authentication checks on user-supplied input to an application messaging service. An attacker could exploit this vulnerability by submitting crafted input to the service. A successful exploit could allow the attacker to call privileged actions within the affected system, including creating new administrative-level user accounts.

CVE ID: CVE-2021-1468
Security Impact Rating (SIR): Critical

CVE-2021-1505: Cisco SD-WAN vManage Cluster Mode Privilege Escalation Vulnerability

This vulnerability exists because the affected software does not perform authorization checks on certain operations. An attacker could exploit this vulnerability by sending crafted requests to the affected system.

CVE ID: CVE-2021-1505
Security Impact Rating (SIR): Critical

CVE-2021-1508: Cisco SD-WAN vManage Cluster Mode Unauthorized Access Vulnerability

This vulnerability exists because the affected software does not perform authorization checks on certain operations.

CVE ID: CVE-2021-1508
Security Impact Rating (SIR): High

CVE-2021-1275: Cisco SD-WAN vManage Denial of Service Vulnerability

This vulnerability is due to insufficient handling of API requests to the affected system. An attacker could exploit this vulnerability by sending a large number of API requests to the affected system. A successful exploit could allow the attacker to cause a DoS condition on the affected system.

CVE ID: CVE-2021-1275
Security Impact Rating (SIR): High

CVE-2021-1506: Cisco SD-WAN vManage Cluster-Mode Unauthorized Services Access Vulnerability

This vulnerability exists because the affected software does not perform authorization checks on service access. An attacker could exploit this vulnerability by sending crafted requests to the affected system. A successful exploit could allow the attacker to bypass authorization checks and gain unauthorized access to services within the affected system.

CVE ID: CVE-2021-1506
Security Impact Rating (SIR): High

Conclusion:

Customers are advised to upgrade to an appropriate fixed software release as soon as possible to protect their infrastructure against exploitation of these vulnerabilities.
