Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-34725: Cisco Security Advisory: Cisco IOS XE SD-WAN Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root-level privileges on the underlying operating system. This vulnerability is due to insufficient input validation on certain CLI commands. An attacker could exploit this vulnerability by authenticating to an affected device and submitting crafted input to the CLI. The attacker must be authenticated as an administrative user to execute the affected commands. A successful exploit could allow the attacker to execute commands with root-level privileges.

CVE
Open in Source
#vulnerability#ios#cisco#auth

At the time of publication, this vulnerability affected the following Cisco products if they were running a vulnerable release of Cisco IOS XE SD-WAN Software and had the SD-WAN feature enabled:

  • 1000 Series Integrated Services Routers (ISRs)
  • 4000 Series ISRs
  • ASR 1000 Series Aggregation Services Routers
  • Cloud Services Router 1000V Series

Note: The SD-WAN feature is not enabled by default.

For information about which Cisco software releases are vulnerable, see the Fixed Software section of this advisory.

Note: The standalone Cisco IOS XE SD-WAN release images are separate from the universal Cisco IOS XE Software releases. The SD-WAN feature set was first integrated into the universal Cisco IOS XE Software releases starting with IOS XE Software Release 17.2.1r. For additional information, see the Install and Upgrade Cisco IOS XE Release 17.2.1r and Later chapter of the Cisco SD-WAN Getting Started Guide.

Determine the Device Configuration

There are two methods for determining whether the SD-WAN feature is enabled on a device:

**Option 1: Use the show running-config | include sdwan Command
**

To determine whether sdwan mode is enabled on a device, use the show running-config | include sdwan command and check the tunnel mode in the output. If the command returns tunnel mode sdwan, the sdwan feature is enabled and the device is vulnerable. If the command returns no output or the command does not exist, the SD-WAN feature is not enabled and the device is not affected by this vulnerability.

The following example shows the output of the show running-config | include sdwan command on a device that has the SD-WAN feature enabled:

Router# show running-config | include sdwan
tunnel mode sdwan
Router#

**Option 2: Use the show version Command
**

Alternatively, use the show version command to determine whether the Cisco IOS XE device is in Controller mode. The end of the output includes the router operating mode, which indicates whether the device is in Controller mode.

The following example shows part of the show version command output on a device that has the SD-WAN feature enabled:

Router# show version
.
.
.
Router operating mode: Controller-Managed
.
.
.

Only products listed in the Vulnerable Products section of this advisory are known to be affected by this vulnerability.

Cisco has confirmed that this vulnerability does not affect the following Cisco products:

  • IOS Software
  • IOS XR Software
  • Meraki products
  • NX-OS Software

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE