The most critical vulnerability was discovered in the vContainer of the SD-WAN. It would allow an authenticated, remote attacker to cause a denial of service (DoS) condition and to execute code as the root user. This affects the Cisco-hosted vContainer software running on Cisco SD-WAN versions prior to release 18.4.0.
According to Cisco’s advisory report, “the vulnerability is due to improper bounds checking by the vContainer. An attacker could exploit this vulnerability by sending a malicious file to an affected vContainer instance.” The vendor has already deployed the fixed software updates that address the flaw.
Cisco also deployed patches for three other flaws in its SD-WAN software. These were each marked as “high impact.”
The first of these high-impact vulnerabilities was traced to an insecure default configuration of the system. This affected the vSmart controller software versions running on top of a Cisco-hosted vController of the SD-WAN versions prior to release 18.4.0. The advisory from Cisco said that it would allow an authenticated, adjacent attacker to bypass authentication and gain direct, unauthorized access to other vSmart containers. This would enable the attacker to connect directly to exposed services and to retrieve or modify critical system files.
The next flaw affected a number of Cisco products when running the same release of the Cisco SD-WAN software. These included the vBond Orchestrator, vManage Network Management, and vSmart Controller software, as well as the vEdge 100, 1000, 2000, and 5000 series routers and the vEdge Cloud Router platform.
This was caused by a failure to properly validate parameters included in the group configuration, which allowed attackers to gain elevated privileges on the affected device. According to the advisory, if exploited, this “could allow the attacker to gain root-level privileges and take full control of the device.”
The final flaw was attributed to multiple vulnerabilities in the local command line interface (CLI) of the SD-WAN software. This affects the same devices as the previous flaw.
Cisco warned that the vulnerabilities, caused by user input not being properly sanitized for certain CLI commands, would allow attackers to escalate their privileges and modify device configuration files. Once the attacker gained access, they would’ve been able to send crafted commands to the CLI and compromise the device or obtain configuration data from the device.
Over the past week, Cisco has released 23 security alerts for a number of additional software products. These included vulnerabilities in its small business switches, WebEx platform, and defense software.