"Critical Cisco SD-WAN Vulnerability Leads to Information Leaks"

A recently discovered remotely-exploitable critical vulnerability in the Cisco SD-WAN vManage software could allow unauthenticated attackers to retrieve information from vulnerable instances.  Tracked as CVE-2023-20214 (CVSS score of 9.1), the vulnerability exists because the REST API feature of vManage does not sufficiently validate requests.  Cisco noted that the vManage API allows administrators to configure, control, and monitor Cisco devices over the network.  Cisco stated that an attacker could trigger the vulnerability by sending a crafted API request to a vulnerable instance to retrieve information from vManage or send information to it.  Cisco explained in an advisory that a vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to gain read permissions or limited write permissions to the configuration of an affected Cisco SD-WAN vManage instance.  Cisco noted that the web-based management interface and the CLI are not impacted by this security defect.  Cisco said that to hunt for attempts to access the REST API, administrators are advised to examine a log file.  The existence of requests in the log, however, does not indicate unauthorized access.  Cisco noted that while there are no workarounds to address this bug, implementing access control lists (ACLs) to limit vManage access mitigates the issue.  Cisco explained that in cloud hosted deployments, access to vManage is limited by ACLs that contain permitted IP addresses.  Network administrators should review and edit the permitted IP addresses in the ACLs.  In on-premises deployments, vManage access can be limited in a similar way by using ACLs and configuring permitted IP addresses.  The vulnerability has been addressed with the release of SD-WAN vManage versions 20.6.3.4, 20.6.4.2, 20.6.5.5, 20.9.3.2, 20.10.1.2, and 20.11.1.2.  Versions 18.3 to 20.6.3.2 are not affected.  Customers using SD-WAN vManage versions 20.7 and 20.8 are advised to migrate to a patched version.  Cisco noted that it is unaware of this vulnerability being exploited in attacks.

SecurityWeek reports: "Critical Cisco SD-WAN Vulnerability Leads to Information Leaks"