Multiple vulnerabilities in Cisco SD-WAN
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 5 |
| CVE-ID | CVE-2021-1241 CVE-2021-1273 CVE-2021-1274 CVE-2021-1278 CVE-2021-1279 |
| CWE-ID | CWE-119 CWE-476 CWE-59 CWE-20 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Cisco SD-WAN Client/Desktop applications / Virtualization software Cisco SD-WAN vEdge Routers Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco SD-WAN vEdge Cloud Router Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco SD-WAN vBond Orchestrator Other software / Other software solutions Cisco SD-WAN vManage Other software / Other software solutions Cisco IOS XE SD-WAN Other software / Other software solutions Cisco SD-WAN vSmart Controller Hardware solutions / Other hardware appliances |
| Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
1) Buffer overflow
EUVDB-ID: #VU50011
Risk: Medium
CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1241
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in VPN tunneling features. A remote attacker can trigger memory corruption and cause a denial of service condition on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCisco SD-WAN: 18.3.0 - 20.4.0
Cisco SD-WAN vEdge Routers: All versions
CPE2.3- cpe:2.3:a:cisco_systems:cisco_sd-wan:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco_systems:cisco_sd-wan:18.3.0:*:*:*:*:*:*:
- cpe:2.3:a:cisco_systems:cisco_sd-wan:18.4.0:*:*:*:*:*:*:
- cpe:2.3:h:cisco_systems:cisco_sd-wan_vedge_routers:*:*:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to open a a specially crafted file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Buffer overflow
EUVDB-ID: #VU50012
Risk: Medium
CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1273
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to the bounds checking in the forwarding plane of the IPSec tunnel management functionality. A remote attacker can send specially crafted IPv4 or IPv6 packets, trigger memory corruption and cause a denial of service condition on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCisco SD-WAN vBond Orchestrator: All versions
Cisco SD-WAN vEdge Cloud Router: All versions
Cisco SD-WAN vEdge Routers: All versions
Cisco SD-WAN vManage: All versions
Cisco SD-WAN vSmart Controller: All versions
Cisco SD-WAN: 18.3.0 - 20.4.0
CPE2.3- cpe:2.3:a:cisco_systems:cisco_sd-wan_vbond_orchestrator:*:*:*:*:*:*:*:
- cpe:2.3:h:cisco_systems:cisco_sd-wan_vedge_cloud_router:*:*:*:*:*:*:*:
- cpe:2.3:h:cisco_systems:cisco_sd-wan_vedge_routers:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco_systems:Catalyst SD-WAN Manager:*:*:*:*:*:*:*:
- cpe:2.3:h:cisco_systems:cisco_sd-wan_vsmart_controller:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco_systems:cisco_sd-wan:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco_systems:cisco_sd-wan:18.3.0:*:*:*:*:*:*:
- cpe:2.3:a:cisco_systems:cisco_sd-wan:18.4.0:*:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to open a a specially crafted file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) NULL pointer dereference
EUVDB-ID: #VU50013
Risk: Medium
CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1274
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in vDaemon. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCisco SD-WAN vBond Orchestrator: All versions
Cisco SD-WAN vEdge Cloud Router: All versions
Cisco SD-WAN vEdge Routers: All versions
Cisco SD-WAN vManage: All versions
Cisco SD-WAN vSmart Controller: All versions
Cisco IOS XE SD-WAN: before 16.12.4
CPE2.3- cpe:2.3:a:cisco_systems:cisco_sd-wan_vbond_orchestrator:*:*:*:*:*:*:*:
- cpe:2.3:h:cisco_systems:cisco_sd-wan_vedge_cloud_router:*:*:*:*:*:*:*:
- cpe:2.3:h:cisco_systems:cisco_sd-wan_vedge_routers:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco_systems:Catalyst SD-WAN Manager:*:*:*:*:*:*:*:
- cpe:2.3:h:cisco_systems:cisco_sd-wan_vsmart_controller:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco_systems:cisco_ios_xe_sd-wan:*:*:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to open a a specially crafted file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Link following
EUVDB-ID: #VU50014
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1278
CWE-ID:
CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to the absence of validation checks for the input that is used to create symlinks. A local user can create a symlink to a target file on a specific path and cause a denial of service condition on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCisco SD-WAN vBond Orchestrator: All versions
Cisco SD-WAN vEdge Cloud Router: All versions
Cisco SD-WAN vEdge Routers: All versions
Cisco SD-WAN vManage: All versions
Cisco SD-WAN vSmart Controller: All versions
Cisco SD-WAN: 18.3.0 - 20.3.0
CPE2.3- cpe:2.3:a:cisco_systems:cisco_sd-wan_vbond_orchestrator:*:*:*:*:*:*:*:
- cpe:2.3:h:cisco_systems:cisco_sd-wan_vedge_cloud_router:*:*:*:*:*:*:*:
- cpe:2.3:h:cisco_systems:cisco_sd-wan_vedge_routers:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco_systems:Catalyst SD-WAN Manager:*:*:*:*:*:*:*:
- cpe:2.3:h:cisco_systems:cisco_sd-wan_vsmart_controller:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco_systems:cisco_sd-wan:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco_systems:cisco_sd-wan:18.3.0:*:*:*:*:*:*:
- cpe:2.3:a:cisco_systems:cisco_sd-wan:18.4.0:*:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to open a a specially crafted file.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Input validation error
EUVDB-ID: #VU50015
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1279
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the SNMPv3 management feature. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCisco SD-WAN vBond Orchestrator: All versions
Cisco SD-WAN vEdge Cloud Router: All versions
Cisco SD-WAN vEdge Routers: All versions
Cisco SD-WAN vManage: All versions
Cisco SD-WAN vSmart Controller: All versions
Cisco SD-WAN: 18.3.0 - 20.4.0
CPE2.3- cpe:2.3:a:cisco_systems:cisco_sd-wan_vbond_orchestrator:*:*:*:*:*:*:*:
- cpe:2.3:h:cisco_systems:cisco_sd-wan_vedge_cloud_router:*:*:*:*:*:*:*:
- cpe:2.3:h:cisco_systems:cisco_sd-wan_vedge_routers:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco_systems:Catalyst SD-WAN Manager:*:*:*:*:*:*:*:
- cpe:2.3:h:cisco_systems:cisco_sd-wan_vsmart_controller:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco_systems:cisco_sd-wan:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco_systems:cisco_sd-wan:18.3.0:*:*:*:*:*:*:
- cpe:2.3:a:cisco_systems:cisco_sd-wan:18.4.0:*:*:*:*:*:*:
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to open a a specially crafted file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
