Cisco tags critical security holes in SD-WAN software
Cisco has noted and fixed two critical and a number of high-degree vulnerabilities in its SD-WAN software portfolio.
Most of the vulnerabilities could let an authenticated attacker execute command injection attacks against an affected device, which could let the attacker utilize root privileges on the device.
The first critical problem–with a Common Vulnerability Scoring System rating of 9.9 out of 10–is vulnerability in the web-based management interface of Cisco SD-WAN vManage Software.
“This vulnerability is due to improper input validation of user-supplied input to the device template configuration,” Cisco stated. “An attacker could exploit this vulnerability by submitting crafted input to the device template configuration. A successful exploit could allow the attacker to gain root-level access to the affected system.”
This vulnerability affects only the Cisco SD-WAN vManage product, the company stated.
The second critical Cisco SD-WAN Software issue–with a CVSS rating of 9.8—could let an unauthenticated, remote attacker to cause a buffer overflow.
“The vulnerability is due to incorrect handling of IP traffic,” Cisco stated. “An attacker could exploit this vulnerability by sending crafted IP traffic through an affected device, which may cause a buffer overflow when the traffic is processed. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system with root privileges.”
Cisco has released software updates that address both critical vulnerabilities. Other vulnerabilities in the Command Line Interface of Cisco SD-WAN Software are rated high and include:
- A vulnerability in the CLI of Cisco SD-WAN Software that could allow an authenticated, local attacker with read-only credentials to inject arbitrary commands that could allow the attacker to obtain root privileges and read, write, and delete files of the underlying file system of an affected device. This vulnerability is due to insufficient validation of user-supplied input on the CLI, Cisco stated. An attacker could exploit this vulnerability by authenticating with read-only privileges via the CLI of an affected device and submitting crafted input to the affected commands, Cisco stated.
- A weakness in the CLI of Cisco SD-WAN Software could let an authenticated, local attacker with read-only credentials inject arbitrary commands that could let the attacker obtain root privileges and read, write, and delete files of the underlying file system of an affected device. “This vulnerability is due to insufficient validation of user-supplied input on the CLI. An attacker could exploit this vulnerability by authenticating with read-only privileges via the CLI of an affected device and submitting crafted input to the affected commands. A successful exploit could allow the attacker to execute arbitrary commands on the device with root privileges,” Cisco stated.
- Another CLI weakness that could let an authenticated, local attacker with read-only credentials to inject arbitrary commands that could let the attacker obtain root privileges and read files from the underlying file system of an affected device. This vulnerability is due to insufficient validation of user-supplied input on the SD-WAN CLI. An attacker could exploit this vulnerability by authenticating with read-only privileges via the CLI of an affected device and submitting crafted input to the affected commands, Cisco stated.
In the same package of Security Advisories, Cisco issued a critical patch for its DNA Center software. Specifically, the company said a weakness–with a CVSS rating of 9.6—in the Command Runner tool of Cisco DNA Center could let an authenticated, remote attacker perform a command-injection attack. An attacker could exploit this vulnerability by providing crafted input during command execution or via a crafted command runner API call. A successful exploit could enable the attacker to execute arbitrary CLI commands on devices managed by Cisco DNA Center. This vulnerability affects Cisco DNA Center Software releases earlier than 1.3.1.0, Cisco stated.
Other DNA Center-related security advisories include:
- A vulnerability in the configuration archive functionality of Cisco DNA Center could allow any privilege-level authenticated, remote attacker to obtain the full unmasked running configuration of managed devices. This vulnerability affects Cisco DNA Center Software releases earlier than 2.1.2.0.
- A exposure in the DNA Center Software’s web-based management interface that could let an unauthenticated, remote attacker conduct a cross-site request forgery (CSRF) attack to manipulate an authenticated user into executing malicious actions without their awareness or consent.
Cisco has released software fixes for all the vulnerabilities it outlined. For more information Cisco pointed users to its license page here.
READ MORE HERE