On April 7th, Cisco confirmed the existence of multiple vulnerabilities in the Cisco SD-WAN vManage Software that can allow an unauthenticated, remote attacker to execute arbitrary and potentially malicious code, or allow a locally authenticated user to gain escalated privileges on affected systems.

For more information about the full scope of these vulnerabilities, refer to the official Cisco security advisory.

Cisco has released software updates that address and mitigate these vulnerabilities.

Jan 10, 2022

Critical Vulnerabilities in Cisco SD-WAN vManage Software

Scope of Vulnerability

These vulnerabilities exist on any Cisco products running vulnerable releases of Cisco SD-WAN vManage Software. Cisco has confirmed that these vulnerabilities do not affect the following Cisco products:
  • IOS XE SD-WAN Software
  • SD-WAN cEdge Routers
  • SD-WAN vBond Orchestrator Software
  • SD-WAN vEdge Routers
  • SD-WAN vSmart Controller Software

The vulnerabilities discussed are not dependent on one another. The exploitation of one vulnerability is not required to take advantage of additional vulnerabilities. Additionally, a software release affected by one of the vulnerabilities may not be affected by the other vulnerabilities.

The specific details of these vulnerabilities are as follows:

CVE-2021-1479: Cisco SD-WAN vManage Remote Management Buffer Overflow Vulnerability

A vulnerability in a remote management component of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to cause a buffer overflow condition.

The vulnerability is due to improper validation of user-supplied input to the vulnerable component. An attacker could exploit this vulnerability by sending a crafted connection request to the vulnerable component that, when processed, could cause a buffer overflow condition. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system with root privileges.

  • Bug ID(s): CSCvv87918
  • CVE ID: CVE-2021-1479
  • Security Impact Rating (SIR): Critical
  • CVSS Base Score: 9.8
  • CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2021-1137: Cisco SD-WAN vManage Privilege Escalation Vulnerability

A vulnerability in the user management function of Cisco SD-WAN Software could allow an authenticated, local attacker to gain escalated privileges on the underlying operating system.

The vulnerability is due to insufficient input validation by the affected software. An authenticated attacker who has permission to add new users or groups on the vManage system could exploit this vulnerability by modifying a user account. A successful exploit could allow the attacker to gain root privileges on the underlying operating system.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

  • Bug ID(s): CSCvw08533
  • CVE ID: CVE-2021-1137
  • Security Impact Rating (SIR): High
  • CVSS Base Score: 7.8
  • CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2021-1480: Cisco SD-WAN vManage Privilege Escalation Vulnerability

A vulnerability in system file transfer functions of Cisco SD-WAN Software could allow an authenticated, local attacker to gain escalated privileges on the underlying operating system.

The vulnerability is due to improper validation of input to the system file transfer functions. An authenticated attacker could exploit this vulnerability by sending specially crafted requests to the vulnerable system. A successful exploit could allow the attacker to overwrite arbitrary files and modify the system to allow the attacker to gain root privileges on the underlying operating system.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

  • Bug ID(s): CSCvw31395 and CSCvs98509
  • CVE ID: CVE-2021-1480
  • Security Impact Rating (SIR): High
  • CVSS Base Score: 7.8
  • CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Mitigation Recommendation

Cisco has released free software updates that address the vulnerabilities described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software.

Customers are advised to upgrade to an appropriate fixed software release as indicated in the following table:

| Cisco SD-WAN vManage Release | First Fixed Release | First Fixed Release for all Vulnerabilities in this Advisory |
|---|---|---|
| 18.4 and earlier | Migrate to a fixed release. | Migrate to a fixed release. |
| 19.2 | 19.2.4 | 19.2.4 |
| 19.3 | Migrate to a fixed release. | Migrate to a fixed release. |
| 20.1 | Migrate to a fixed release. | Migrate to a fixed release. |
| 20.3 | 20.3.3 | 20.3.3 |
| 20.4 | 20.4.1 | 20.4.1 |
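
The fixed-release table above, applied to a vManage inventory as a Python triage script. This is an added example, not part of the Cisco advisory or of this page's original text. The hostnames and version strings are constructed, and sending unlisted trains and multi-digit patch fields to manual review is an assumption of the example.

```python
import re

# First fixed release per train, transcribed from the table above.
# None = the advisory says "Migrate to a fixed release." for that train.
FIRST_FIXED = {
    (19, 2): (19, 2, 4),
    (19, 3): None,
    (20, 1): None,
    (20, 3): (20, 3, 3),
    (20, 4): (20, 4, 1),
}
MIGRATE = "migrate to a fixed release"
MANUAL = "check manually against the Cisco advisory"


def triage(version):
    """Map one vManage release string to the action the table calls for."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        return MANUAL                      # not a plain X.Y.Z string
    train = (int(m.group(1)), int(m.group(2)))
    if train <= (18, 4):                   # table row "18.4 and earlier"
        return MIGRATE
    if train not in FIRST_FIXED:           # a train the table does not list
        return MANUAL
    fixed = FIRST_FIXED[train]
    if fixed is None:
        return MIGRATE
    if len(m.group(3)) > 1:
        # Assumption: multi-digit patch fields are not trusted to order as
        # plain integers, so they are never cleared automatically.
        return MANUAL
    if int(m.group(3)) >= fixed[2]:
        return "ok"
    return "upgrade to " + ".".join(map(str, fixed))


def needs_action(inventory):
    """Return {host: action} for every host whose release is not 'ok'."""
    return {h: a for h, a in ((h, triage(v)) for h, v in inventory.items())
            if a != "ok"}


# Constructed inventory (hostnames and versions are made up for the example).
SAMPLE = {"vmanage-a": "20.3.2", "vmanage-b": "20.4.1", "vmanage-c": "19.3.0",
          "vmanage-d": "18.3.6", "vmanage-e": "19.2.31", "vmanage-f": "20.5.1"}

if __name__ == "__main__":
    for host, action in needs_action(SAMPLE).items():
        print(f"{host}: {action}")
```
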