On April 7th, Cisco confirmed the presence of multiple vulnerabilities in the Cisco SD-WAN vManage Software, potentially allowing unauthenticated remote attackers to execute arbitrary code or enabling locally authenticated users to escalate privileges on affected systems. These vulnerabilities have been rated as critical, and Cisco has released software updates to address them.
Scope of the Vulnerability
These vulnerabilities impact any Cisco products running vulnerable releases of the Cisco SD-WAN vManage Software. However, Cisco has confirmed that the following products are not affected:
- IOS XE SD-WAN Software
- SD-WAN cEdge Routers
- SD-WAN vBond Orchestrator Software
- SD-WAN vEdge Routers
- SD-WAN vSmart Controller Software
The vulnerabilities can be exploited independently of one another, meaning that exploiting one does not depend on the success of exploiting others. Each vulnerability affects specific versions of the software, and organizations should take immediate action to update their systems.
Vulnerabilities Explained
CVE-2021-1479: Cisco SD-WAN vManage Remote Management Buffer Overflow Vulnerability
- Severity: Critical
- CVSS Base Score: 9.8 (CVSS:3.1/AV
/AC/PR/UI/S/C/I/A)
- Impact: This vulnerability allows an unauthenticated remote attacker to cause a buffer overflow, potentially resulting in arbitrary code execution with root privileges. It stems from improper validation of user-supplied input. Attackers can exploit this by sending crafted connection requests to the vulnerable component.
- Bug ID: CSCvv87918
CVE-2021-1137: Cisco SD-WAN vManage Privilege Escalation Vulnerability
- Severity: High
- CVSS Base Score: 7.8 (CVSS:3.1/AV
/AC/PR/UI/S/C/I/A)
- Impact: This vulnerability allows authenticated local attackers to escalate privileges. Exploiting the insufficient input validation in the user management function, an attacker could modify a user account, gaining root privileges on the underlying system.
- Bug ID: CSCvw08533
CVE-2021-1480: Cisco SD-WAN vManage Privilege Escalation Vulnerability
- Severity: High
- CVSS Base Score: 7.8 (CVSS:3.1/AV
/AC/PR/UI/S/C/I/A)
- Impact: This vulnerability allows local attackers to escalate privileges by exploiting improper validation of input to the system file transfer functions. By sending specially crafted requests, the attacker can overwrite files and modify the system to gain root privileges.
- Bug ID: CSCvw31395 and CSCvs98509
Mitigation and Recommendations
Cisco has released free software updates to address these vulnerabilities. Organizations are urged to upgrade to the fixed software versions as listed below. Only licensed versions are eligible for support. By using the updates, customers agree to the terms of Cisco’s software policies.
Fixed Release Versions
| Cisco SD-WAN vManage Release | First Fixed Release | First Fixed Release for All Vulnerabilities |
|---|---|---|
| 18.4 and earlier | Migrate to a fixed release | Migrate to a fixed release |
| 19.2 | 19.2.4 | 19.2.4 |
| 19.3 | Migrate to a fixed release | Migrate to a fixed release |
| 20.1 | Migrate to a fixed release | Migrate to a fixed release |
| 20.3 | 20.3.3 | 20.3.3 |
| 20.4 | 20.4.1 | 20.4.1 |
Conclusion
Organizations running Cisco SD-WAN vManage Software should take immediate action by upgrading to the fixed software versions listed above. Without these updates, your systems are vulnerable to exploits that could allow attackers to execute arbitrary code or escalate privileges. Cisco's updates offer the only mitigation to address these critical vulnerabilities.
Stay proactive in maintaining your organization's security posture by ensuring that all systems are regularly updated with the latest patches. This is a critical step in protecting your organization from emerging threats.
