Cisco SD-WAN vManage Flaw: Let Attackers Escalate Privileges

by Esmeralda McKenzie

A critical-severity vulnerability has been discovered in the request authentication validation for the REST API of the Cisco SD-WAN vManage software. Cisco released a security advisory alerting users to the critical vulnerability CVE-2023-20214.

This could allow a remote, unauthenticated attacker to gain read access or limited write permissions to the configuration of an affected Cisco SD-WAN vManage instance.

“This vulnerability is due to insufficient request validation when using the REST API feature. An attacker could exploit this vulnerability by sending a crafted API request to an affected vManage instance,” reads the Cisco advisory.

Software patches from Cisco have been made available to fix this issue. There are no workarounds for this weakness.

Details of the Critical-Severity Vulnerability

The Cisco SD-WAN vManage API is a REST API used to control, configure, and monitor Cisco devices in an overlay network. The vManage API has the following use cases:

  • Monitoring device status
  • Configuring a device, such as attaching a template to a device
  • Querying and aggregating device statistics

The flaw, which results from insufficient request validation when using the REST API feature, can be exploited by sending a specially crafted API request to a vulnerable vManage instance.

Attackers would be able to retrieve confidential information from the compromised system, change certain configurations, disrupt network operations, and more.

“A successful exploit could allow the attacker to retrieve information from and send information to the configuration of the affected Cisco vManage instance,” Cisco said.

“This vulnerability only affects the REST API and does not affect the web-based management interface or the CLI.”

Affected Products

This flaw affects vulnerable versions of Cisco SD-WAN vManage software.

Products Not Affected

According to Cisco, the following Cisco products are not affected by this vulnerability:

  • IOS XE
  • IOS XE SD-WAN
  • SD-WAN cEdge Routers
  • SD-WAN vBond Orchestrator Software
  • SD-WAN vEdge Cloud Routers
  • SD-WAN vEdge Routers
  • SD-WAN vSmart Controller Software

Mitigation

According to Cisco, there are no workarounds for this vulnerability, but there are recommendations that significantly reduce the attack surface.

Control access lists (ACLs), which restrict access to vManage instances to only specified IP addresses, are recommended for network administrators as a way to keep out outside attackers.

Using API keys to access the APIs is another strong security step; Cisco generally recommends this, although it is not a strict requirement for vManage deployments.

Administrators are also advised to monitor the logs for any attempts to use the REST API, which could be a sign of the vulnerability being exploited.

Use the command “vmanage# show log /var/log/nms/vmanage-server.log” to view the contents of the vmanage-server.log file.

Fixes Available

  • v20.6.3.3 – fixed in v20.6.3.4
  • v20.6.4 – fixed in v20.6.4.2
  • v20.6.5 – fixed in v20.6.5.5
  • v20.9 – fixed in v20.9.3.2
  • v20.10 – fixed in v20.10.1.2
  • v20.11 – fixed in v20.11.1.2
Cisco SD-WAN vManage Release    First Fixed Release
18.3                            Not affected.
18.4                            Not affected.
19.1                            Not affected.
19.2                            Not affected.
20.1                            Not affected.
20.3                            Not affected.
20.4                            Not affected.
20.5                            Not affected.
20.6.1                          Not affected.
20.6.2                          Not affected.
20.6.3                          Not affected.
20.6.3.1                        Not affected.
20.6.3.2                        Not affected.
20.6.3.3                        20.6.3.4
20.6.4                          20.6.4.2
20.6.5                          20.6.5.5
20.7                            Migrate to a fixed release.
20.8                            Migrate to a fixed release.
20.9                            20.9.3.2
20.10                           20.10.1.2
20.11                           20.11.1.2
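As an added example (not code from the article or from Cisco), the following Python encodes the fixed-release table above so that the version reported by each vManage instance in an inventory can be checked against it; releases the table does not list (for instance a hypothetical 20.6.6 or 20.12) are reported as not listed rather than guessed.

```python
"""Check vManage versions against the CVE-2023-20214 fixed-release table (added example, not Cisco's code)."""

# Affected release trains and their first fixed release, copied from the table
# above. None means Cisco lists no fix in that train ("migrate to a fixed release").
FIRST_FIXED = {
    "20.6.3": "20.6.3.4",   # within 20.6.3.x only 20.6.3.3 is listed as affected
    "20.6.4": "20.6.4.2",
    "20.6.5": "20.6.5.5",
    "20.7": None,
    "20.8": None,
    "20.9": "20.9.3.2",
    "20.10": "20.10.1.2",
    "20.11": "20.11.1.2",
}
FIRST_AFFECTED = "20.6.3.3"   # every release below this is listed as not affected


def parse(version: str) -> tuple:
    """Turn '20.6.3.4' into (20, 6, 3, 4) so versions compare numerically."""
    return tuple(int(part) for part in version.strip().split("."))


def classify(version: str) -> tuple:
    """Return (status, first_fixed); status is not_affected, affected,
    affected_migrate, fixed or not_listed."""
    v = parse(version)
    if v < parse(FIRST_AFFECTED):
        return ("not_affected", None)
    for train, fixed in FIRST_FIXED.items():
        prefix = parse(train)
        if v[:len(prefix)] != prefix:
            continue                      # version is not in this train
        if fixed is None:
            return ("affected_migrate", None)
        return ("fixed", fixed) if v >= parse(fixed) else ("affected", fixed)
    # Releases absent from the table (e.g. a hypothetical 20.12) are reported, not guessed.
    return ("not_listed", None)


def needs_action(inventory: dict) -> dict:
    """Reduce a {hostname: version} inventory to the hosts that still need attention."""
    flagged = {}
    for host, ver in inventory.items():
        status, fixed = classify(ver)
        if status not in ("fixed", "not_affected"):
            flagged[host] = (status, fixed)
    return flagged
```

Feed `needs_action` the versions collected from your own controllers (hostnames and versions in any test data are constructed); hosts marked `affected_migrate` have no fix in their train and must move to a fixed release.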

Source credit : cybersecuritynews.com
