Cisco fixes five vulnerabilities affecting SD-WAN solutions
These vulnerabilities impact Cisco products using SD-WAN software earlier than Release 19.2.2
Cisco has released patches to address five security vulnerabilities affecting its routers and software-defined WAN (SD-WAN) management and controller software.
According to Cisco, these bugs, if exploited, could enable threat actors to run commands with root privileges on vulnerable systems.
All five flaws, however, require authentication before they can be exploited by an attacker.
Three of the bugs are rated as "high impact" flaws, affecting Cisco products using SD-WAN software earlier than Release 19.2.2.
The hardware affected by these flaws includes Cisco vBond and vSmart controllers, the vManage Network Management system, the vBond Orchestrator software, as well as various vEdge routers and vEdge cloud router platform.
The most severe of these flaws is CVE-2020-3266, which exists in the Command Line Interface (CLI) of Cisco SD-WAN Solution software. This flaw stems from insufficient input validation in the software and could allow an authenticated, local attacker to run arbitrary commands with root privileges.
The flaw is assigned a CVSS score of 7.8 out of 10.0, making it a high-severity flaw.
It affects following Cisco products if they are using a SD-WAN Solution software earlier than Release 19.2.2:
- vBond Orchestrator Software
- vEdge 100 Series Routers
- vEdge 1000 Series Routers
- vEdge 2000 Series Routers
- vEdge 5000 Series Routers
- vEdge Cloud Router Platform
- vManage Network Management System
- vSmart Controller Software
The second flaw addressed by Cisco in its SD-WAN solution is CVE-2020-3264. It is also a buffer overflow flaw, which arises due to insufficient input validation in the software.
The flaw, assigned a CVSS score of 7.1, could be exploited by sending specially-crafted traffic to a vulnerable device. It could enable local, authenticated attackers to access sensitive information from a vulnerable system and also make changes to it, which they are not authorised to make.
The third high-severity flaw affecting Cisco's SD-WAN Solution is CVE-2020-3265, a privilege escalation bug that can be exploited by sending a crafted request to a vulnerable system.
The flaw, which is issued a CVSS score of 7.0, could allow an authenticated, local attacker to elevate privileges and ultimately gain "root-level" privileges on the underlying OS.
The two medium-impact vulnerabilities fixed by Cisco impact the web user interface of the SD-WAN vManage software.
One flaw (CVE-2019-16010) enables attackers to launch a cross-site scripting attack, while the other (CVE-2019-16012) enables SQL injection attacks on a vulnerable system.
Cisco said that it is currently not aware of any malicious use of these bugs by threat actors.