Cisco fixed multiple flaws in SD-WAN vManage Software, including a critical RCE

Cisco has addressed a critical pre-authentication remote code execution (RCE) vulnerability in the SD-WAN vManage Software.

Cisco has addressed multiple vulnerabilities in Cisco SD-WAN vManage Software that could be exploited by an unauthenticated, remote attacker to execute arbitrary code or by an authenticated, local attacker to gain escalated privileges on vulnerable systems.

360 Mobile Vision - 360mobilevision.com North & South Carolina Security products and Systems Installations for Commercial and Residential - $55 Hourly Rate. ACCESS CONTROL, INTRUSION ALARM, ACCESS CONTROLLED GATES, INTERCOMS AND CCTV INSTALL OR REPAIR 360 Mobile Vision - 360mobilevision.com is committed to excellence in every aspect of our business. We uphold a standard of integrity bound by fairness, honesty and personal responsibility. Our distinction is the quality of service we bring to our customers. Accurate knowledge of our trade combined with ability is what makes us true professionals. Above all, we are watchful of our customers interests, and make their concerns the basis of our business.

The most severe vulnerability is a critical pre-authentication remote code execution (RCE) issue, tracked as CVE-2021-1479, that affects the remote management component of its SD-WAN vManage Software.

The CVE-2021-1479 flaw could be exploited by an unauthenticated, remote attacker to trigger a buffer overflow on vulnerable devices. The issue could be easily exploited in low complexity attacks without user interaction, for this reason, it received a severity score of 9.8/10.

“A vulnerability in a remote management component of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to cause a buffer overflow condition. The vulnerability is due to improper validation of user-supplied input to the vulnerable component.” reads the advisory published by Cisco. “An attacker could exploit this vulnerability by sending a crafted connection request to the vulnerable component that, when processed, could cause a buffer overflow condition. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system with root privileges.”

The tech giant also addressed two other high-severity security flaws in the user management and system file transfer functions of the same product, respectively tracked as CVE-2021-1137 and CVE-2021-1480. Both flaws could allow attackers to escalate privileges. Both flaws are due to insufficient input validation, they could be triggered to gain root privileges on the underlying operating system.

The vulnerabilities affect Cisco SD-WAN vManage releases 20.4 and earlier, the company addressed the flaw with the release of 20.4.1, 20.3.3, and 19.2.4 security updates.

Cisco fixed multiple flaws in SD-WAN vManage Software, including a critical RCE

Cisco’s Product Security Incident Response Team (PSIRT) confirmed that it is not aware of attacks in the wild exploiting the above vulnerabilities.

In January, Cisco released security updates to address multiple flaws in Cisco SD-WAN products that could allow an unauthenticated, remote attacker to execute attacks against vulnerable devices.

One of the issues, tracked as CVE-2021-1300, is a Cisco SD-WAN buffer overflow vulnerability that could be exploited by an unauthenticated, remote attacker to trigger a buffer overflow condition.

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(SecurityAffairs – hacking, Hades ransomware)

The post Cisco fixed multiple flaws in SD-WAN vManage Software, including a critical RCE appeared first on Security Affairs.

By admin