Cisco has confirmed that these vulnerabilities have not been exploited in the wild, at least as of now.
KEY FINDINGS
- Multiple vulnerabilities have been found in Cisco’s Catalyst SD-WAN Manager.
- There isn’t any workaround available for these issues.
- Catalyst SD-WAN Manager is a centralized network management system.
- It is crucial to patch the system to stay protected.
- In total, four vulnerabilities have been reported: one with a Critical severity level, 3 with a High severity level, and one assigned Medium severity.
- Unpatched systems can allow cybercriminals to gain unauthorized access to user accounts, make changes as they desire, and even cause DoS attacks.
Networking, IT, telecom, and cybersecurity solutions provider Cisco has released a critical security advisory to alert users about the vulnerabilities found in its Catalyst SD-WAN Manager, previously known as Cisco SD-WAN vManage.
The company discovered multiple vulnerabilities in the product, which can let an attacker obtain unauthorized access or launch a Denial of Service (DoS) attack on the affected system. An attacker with elevated privileges can install programs, modify/view/delete data, and create new user accounts with full rights. However, users whose accounts have fewer rights may be less impacted than those whose accounts have administrative rights.
Cisco’s advisory states that none of the vulnerabilities depend on each other. This means it isn’t necessary to exploit multiple flaws to succeed. Moreover, a software version impacted by one of these flaws may not necessarily be impacted by the others.
Vulnerable Products:
- Cisco Catalyst SD-WAN Manager 20.3 – 20.12
Non-Vulnerable Products:
- IOS XE Software
- SD-WAN cEdge Routers
- SD-WAN vEdge Routers
Cisco has confirmed that these vulnerabilities haven’t yet been exploited in the wild. The high-risk entities include large to medium government institutions/organizations, whereas risk intensity for small government entities is medium and low for home users.
Vulnerability Details
CVE-2023-20252 has a critical severity level with a CVSS score of 9.8. It allows unauthorized access to the SD-WAN Manager through SAML (Security Assertion Markup Language) APIs. An unauthenticated actor can gain unauthorized access to the application as an arbitrary user.
CVE-2023-20253 has been rated High and has a CVSS score of 8.4. It was found in the CLI (command-line interface) of the manager. It can let an authenticated, local actor with read-only privileges evade the authorization process, roll back controller configurations, and deploy them to downstream users.
CVE-2023-20034 is also rated High and was assigned a CVSS Base Score of 7.5. It is an information disclosure vulnerability that allows an unauthenticated, remote attacker to access the Elasticsearch database of an impacted system by obtaining Elasticsearch user privileges.
CVE-2023-20254 has a high severity rating and a CVSS score of 7.2. It is linked to the session management system of the manager’s multi-tenant feature. An unauthorized, remote actor can access another tenant and make unauthorized configuration changes or cause a DoS attack.
CVE-2023-20262 is a medium-severity vulnerability with a CVSS score of 5.3. It was found in the manager’s SSH (Secure Shell) service and can lead to a crash, causing a DoS situation for SSH access.
These issues impact the Cisco Catalyst SD-WAN Manager. Cisco has released free software updates to address these issues. Since no workarounds are available for these issues, it is necessary to fix the software to stay protected.