Unpatched Cisco Catalyst SD-WAN Manager Systems Exposed to DoS Attacks
By Deeba Ahmed
Cisco Releases Security Patches for Critical Vulnerabilities in Catalyst SD-WAN Manager.
This is a post from HackRead.com.
Cisco has confirmed that these vulnerabilities have not been exploited in the wild, at least as of now.
**KEY FINDINGS**
- Multiple vulnerabilities have been found in Cisco’s Catalyst SD-WAN Manager.
- There isn’t any workaround available for these issues.
- Catalyst SD-WAN Manager is a centralized network management system.
- It is crucial to patch the system to stay protected.
- In total four vulnerabilities have been reported: one with a Critical severity level, 3 with a High severity level, and one with Medium severity.
- Unpatched systems can allow cybercriminals to gain unauthorized access to user accounts, make changes as they desire, and even cause DoS attacks.
Networking, IT, telecom, and cybersecurity solutions provider Cisco has released a critical security advisory to alert users about the vulnerabilities found in its Catalyst SD-WAN Manager, previously known as Cisco SD-WAN vManage.
The company discovered multiple vulnerabilities in the product that can let an attacker obtain unauthorized access or launch a Denial of Service (DoS) attack on the affected system. An attacker with elevated privileges can install programs, modify, view, or delete data, and create new user accounts with full rights. However, users whose accounts have fewer rights may be less impacted than those whose accounts have administrative rights.
Cisco’s advisory states that none of the vulnerabilities depend on each other, so it isn’t necessary to exploit multiple flaws to succeed. Moreover, a software version impacted by one of these flaws is not necessarily impacted by the others.
**Vulnerable Products:**
- Cisco Catalyst SD-WAN Manager 20.3 – 20.12
**Non-Vulnerable Products:**
- IOS XE Software
- SD-WAN cEdge Routers
- SD-WAN vEdge Routers
Cisco has confirmed that these vulnerabilities haven’t yet been exploited in the wild. The high-risk entities include large to medium government institutions/organizations, whereas risk intensity for small government entities is medium and low for home users.
**Vulnerability Details**
CVE-2023-20252 has a critical severity level with a CVSS score of 9.8. It allows unauthorized access to the SD-WAN Manager through SAML (Security Assertion Markup Language) APIs. An unauthenticated actor can gain unauthorized access to the application as an arbitrary user.
CVE-2023-20253 has been rated High and has a CVSS score of 8.4. It was found in the CLI (command-line interface) of the manager. It can let an authenticated, local actor with read-only privileges evade the authorization process, reverse controller configurations, and deploy them to downstream users.
CVE-2023-20034 is also rated High and was assigned a CVSS Base Score of 7.5. It is an information disclosure vulnerability that allows an unauthenticated, remote attacker to access the Elasticsearch database of an impacted system by obtaining Elasticsearch user privileges.
CVE-2023-20254 has a high severity rating and a CVSS score of 7.2. It is linked to the session management system of the manager’s multi-tenant feature. An unauthorized, remote actor can access another tenant and make unauthorized configuration changes or cause a DoS attack.
CVE-2023-20262 is a medium-severity vulnerability with a CVSS score of 5.3. It was found in the manager’s SSH (Secure Shell) service and can lead to a crash, causing a DoS situation for SSH access.
These issues impact the Cisco Catalyst SD-WAN Manager. Cisco has released free software updates to address these issues. Since no workarounds are available for these issues, it is necessary to fix the software to stay protected.
Related news
Cisco is warning of attempted exploitation of a security flaw in its IOS Software and IOS XE Software that could permit an authenticated remote attacker to achieve remote code execution on affected systems. The medium-severity vulnerability is tracked as CVE-2023-20109, and has a CVSS score of 6.6. It impacts all versions of the software that have the GDOI or G-IKEv2 protocol enabled. The
A vulnerability in the Elasticsearch database used in Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to access the Elasticsearch configuration database of an affected device with the privileges of the elasticsearch user. This vulnerability is due to the presence of a static username and password configured on the vManage. An attacker could exploit this vulnerability by sending a crafted HTTP request to a reachable vManage on port 9200. A successful exploit could allow the attacker to view the Elasticsearch database content. There are workarounds that address this vulnerability.
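A defender-side check for the exposure described above, added here as an example that is not from the original article or from Cisco: it scans firewall log lines for allowed connections to port 9200 on SD-WAN Manager addresses that come from outside a trusted management network. The log format, all addresses, and the function name `find_exposed_es_access` are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed sample firewall log lines (hypothetical format, not real data).
SAMPLE_LOG = """\
2023-10-02T08:14:03Z ALLOW tcp 10.20.0.15:51822 -> 10.20.0.5:9200
2023-10-02T08:14:09Z ALLOW tcp 198.51.100.23:40112 -> 10.20.0.5:9200
2023-10-02T08:15:41Z DENY tcp 203.0.113.77:55001 -> 10.20.0.5:9200
2023-10-02T08:16:02Z ALLOW tcp 198.51.100.23:40388 -> 10.20.0.5:443
2023-10-02T08:17:30Z ALLOW tcp 192.0.2.8:61000 -> 10.20.0.6:9200
malformed line that the parser must skip
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) tcp "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)
ES_PORT = 9200  # Elasticsearch port named in the vulnerability description


def find_exposed_es_access(log_text, manager_ips, trusted_cidrs):
    """Return (timestamp, src, dst) for allowed port-9200 connections to a
    manager address from a source outside every trusted network."""
    managers = {ipaddress.ip_address(ip) for ip in manager_ips}
    trusted = [ipaddress.ip_network(cidr) for cidr in trusted_cidrs]
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the assumed format
        if m["action"] != "ALLOW" or int(m["dport"]) != ES_PORT:
            continue  # blocked traffic and other ports are not exposure
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # address text that is not a valid IPv4 address
        if dst in managers and not any(src in net for net in trusted):
            findings.append((m["ts"], str(src), str(dst)))
    return findings


if __name__ == "__main__":
    for hit in find_exposed_es_access(
        SAMPLE_LOG, ["10.20.0.5", "10.20.0.6"], ["10.20.0.0/24"]
    ):
        print("untrusted access to Elasticsearch port:", hit)
```

Any finding means port 9200 on the manager is reachable from outside the management network and should be filtered in addition to applying the software update.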