Critical Cisco SD-WAN Bugs Allow RCE Attacks

cisco sd-wan security bugs

Cisco is stoppering critical holes in its SD-WAN solutions and its smart software manager satellite.

Cisco is warning of multiple, critical vulnerabilities in its software-defined networking for wide-area networks (SD-WAN) solutions for business users.

Cisco issued patches addressing eight buffer-overflow and command-injection SD-WAN vulnerabilities. The most serious of these flaws could be exploited by an unauthenticated, remote attacker to execute arbitrary code on the affected system with root privileges.

“Cisco has released software updates that address these vulnerabilities,” according to Cisco in a Wednesday advisory. “There are no workarounds that address these vulnerabilities.”

2020 Reader Survey: Share Your Feedback to Help Us Improve

One critical-severity flaw (CVE-2021-1299) exists in the web-based management interface of Cisco SD-WAN vManage aoftware. This flaw (which ranks 9.9 out of 10 on the CVSS scale) could allow an authenticated, remote attacker to gain root-level access to an affected system and execute arbitrary commands as the root user on the system.

“This vulnerability is due to improper input-validation of user-supplied input to the device template configuration,” according to Cisco. “An attacker could exploit this vulnerability by submitting crafted input to the device template configuration.”

Another serious flaw is CVE-2021-1300, which ranks 9.8 out of 10 on the CVSS scale. The buffer-overflow flaw stems from incorrect handling of IP traffic; an attacker could exploit the flaw by sending crafted IP traffic through an affected device, which may cause a buffer overflow when the traffic is processed. Ultimately, this allows an attacker to execute arbitrary code on the underlying operating system with root privileges.

The following products are affected if they are running a vulnerable release of the SD-WAN software: IOS XE SD-WAN Software, SD-WAN vBond Orchestrator Software, SD-WAN vEdge Cloud Routers, SD-WAN vEdge Routers, SD-WAN vManage Software and SD-WAN vSmart Controller Software. Cisco users can view a full list of the affected software versions as well as the deployed fixed versions, on its security advisory.

Cisco said it is not aware of any exploits targeting these SD-WAN flaws.

Other Critical Cisco Flaws

Three critical flaws (CVE-2021-1138, CVE-2021-1140, CVE-2021-1142) were found in Cisco smart software manager satellite, which offers businesses real-time visibility and reporting of their Cisco licenses.

These flaws, which rank 9.8 out of 10 on the CVSS scale, stem from the Cisco smart software manager satellite’s web user interface and could allow an unauthenticated, remote attacker to execute arbitrary commands as a high-privileged user on an affected device.

“These vulnerabilities are due to insufficient input validation,” according to Cisco. “An attacker could exploit these vulnerabilities by sending malicious HTTP requests to an affected device. A successful exploit could allow the attacker to run arbitrary commands on the underlying operating system.”

The flaws affect Cisco Smart Software Manager Satellite releases 5.1.0 and earlier; fixes are available in the Cisco Smart Software Manager On-Prem releases 6.3.0 and later.

Another critical-severity flaw was found in the Command Runner tool of Cisco DNA Center, which is Cisco’s network management and command center. The flaw (CVE-2021-1264) ranks 9.6 out of 10 on the CVSS scale. This vulnerability affects Cisco DNA Center software releases earlier than 1.3.1.0; fixes are available in software releases 1.3.1.0 and later.

The flaw stems from insufficient input validation by the Command Runner tool, which allows users to send diagnostic CLI commands to selected devices. An attacker could exploit this flaw by providing crafted input during command execution or via a crafted command runner API call, according to Cisco.

“A successful exploit could allow the attacker to execute arbitrary CLI commands on devices managed by Cisco DNA Center,” according to Cisco.

Download our exclusive FREE Threatpost Insider eBook Healthcare Security Woes Balloon in a Covid-Era World, sponsored by ZeroNorth, to learn more about what these security risks mean for hospitals at the day-to-day level and how healthcare security teams can implement best practices to protect providers and patients. Get the whole story and DOWNLOAD the eBook now – on us!

Suggested articles