Critical Cisco SD-WAN Bugs Allow RCE Attacks

  • Cisco is plugging critical holes in its SD-WAN solutions and its Smart Software Manager Satellite.

    Cisco is warning of multiple critical vulnerabilities in its software-defined networking for wide-area networks (SD-WAN) solutions for business users.

    Cisco issued patches addressing eight buffer-overflow and command-injection SD-WAN vulnerabilities. The most serious of these flaws could be exploited by an unauthenticated, remote attacker to execute arbitrary code on the affected system with root privileges.

    “Cisco has released software updates that tackle these vulnerabilities,” according to Cisco in a Wednesday advisory. “There are no workarounds that deal with these vulnerabilities.”

    One critical-severity flaw (CVE-2021-1299) exists in the web-based management interface of Cisco SD-WAN vManage software. This flaw (which ranks 9.9 out of 10 on the CVSS scale) could allow an authenticated, remote attacker to gain root-level access to an affected system and execute arbitrary commands as the root user on the system.

    “This vulnerability is due to improper input validation of user-supplied input to the device template configuration,” according to Cisco. “An attacker could exploit this vulnerability by submitting crafted input to the device template configuration.”

    Another critical flaw is CVE-2021-1300, which ranks 9.8 out of 10 on the CVSS scale. The buffer-overflow flaw stems from incorrect handling of IP traffic; an attacker could exploit the flaw by sending crafted IP traffic through an affected device, which may cause a buffer overflow when the traffic is processed. Ultimately, this allows an attacker to execute arbitrary code on the underlying operating system with root privileges.

    The following products are affected if they are running a vulnerable release of the SD-WAN software: IOS XE SD-WAN Software, SD-WAN vBond Orchestrator Software, SD-WAN vEdge Cloud Routers, SD-WAN vEdge Routers, SD-WAN vManage Software and SD-WAN vSmart Controller Software. Cisco customers can view a full list of the affected software versions, as well as the fixed versions, in its security advisory.

    Cisco said it is not aware of any exploits targeting these SD-WAN flaws.

    Other Critical Cisco Flaws

    Three critical flaws (CVE-2021-1138, CVE-2021-1140, CVE-2021-1142) were found in Cisco Smart Software Manager Satellite, which offers businesses real-time visibility and reporting of their Cisco licenses.

    These flaws, which rank 9.8 out of 10 on the CVSS scale, stem from the Cisco Smart Software Manager Satellite’s web user interface and could allow an unauthenticated, remote attacker to execute arbitrary commands as a high-privileged user on an affected device.

    “These vulnerabilities are due to insufficient input validation,” according to Cisco. “An attacker could exploit these vulnerabilities by sending malicious HTTP requests to an affected device. A successful exploit could allow the attacker to run arbitrary commands on the underlying operating system.”

    The flaws affect Cisco Smart Software Manager Satellite releases 5.1. and earlier; fixes are available in the Cisco Smart Software Manager On-Prem releases 6.3. and later.

    Another critical-severity flaw was found in the Command Runner tool of Cisco DNA Center, which is Cisco’s network management and command center. The flaw (CVE-2021-1264) ranks 9.6 out of 10 on the CVSS scale. This vulnerability affects Cisco DNA Center software releases earlier than 1.3.1. Fixes are available in software releases 1.3.1. and later.

    The flaw stems from insufficient input validation by the Command Runner tool, which allows users to send diagnostic CLI commands to selected devices. An attacker could exploit this flaw by providing crafted input during command execution or via a crafted command runner API call, according to Cisco.

    “A successful exploit could allow the attacker to execute arbitrary CLI commands on devices managed by Cisco DNA Center,” according to Cisco.
