Multiple vulnerabilities in Cisco SD-WAN



Published: 2021-01-26
Risk Medium
Patch available YES
Number of vulnerabilities 5
CVE-ID CVE-2021-1241
CVE-2021-1273
CVE-2021-1274
CVE-2021-1278
CVE-2021-1279
CWE-ID CWE-119
CWE-476
CWE-59
CWE-20
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe 		Cisco SD-WAN
Client/Desktop applications / Virtualization software

Cisco SD-WAN vEdge Routers
Hardware solutions / Routers & switches, VoIP, GSM, etc

Cisco SD-WAN vEdge Cloud Router
Hardware solutions / Routers & switches, VoIP, GSM, etc

Cisco SD-WAN vBond Orchestrator
Other software / Other software solutions

Cisco SD-WAN vManage
Other software / Other software solutions

Cisco IOS XE SD-WAN
Other software / Other software solutions

Cisco SD-WAN vSmart Controller
Hardware solutions / Other hardware appliances

Vendor Cisco Systems, Inc

Security Bulletin

This security bulletin contains information about 5 vulnerabilities.

1) Buffer overflow

EUVDB-ID: #VU50011

Risk: Medium

CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1241

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in VPN tunneling features. A remote attacker can trigger memory corruption and cause a denial of service condition on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco SD-WAN: 18.3.0 - 20.4.0

Cisco SD-WAN vEdge Routers: All versions

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-dosmulti-48jJuEUP


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to open a a specially crafted file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Buffer overflow

EUVDB-ID: #VU50012

Risk: Medium

CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1273

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the bounds checking in the forwarding plane of the IPSec tunnel management functionality. A remote attacker can send specially crafted IPv4 or IPv6 packets, trigger memory corruption and cause a denial of service condition on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco SD-WAN vBond Orchestrator: All versions

Cisco SD-WAN vEdge Cloud Router: All versions

Cisco SD-WAN vEdge Routers: All versions

Cisco SD-WAN vManage: All versions

Cisco SD-WAN vSmart Controller: All versions

Cisco SD-WAN: 18.3.0 - 20.4.0

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-dosmulti-48jJuEUP


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) NULL pointer dereference

EUVDB-ID: #VU50013

Risk: Medium

CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1274

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in vDaemon. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco SD-WAN vBond Orchestrator: All versions

Cisco SD-WAN vEdge Cloud Router: All versions

Cisco SD-WAN vEdge Routers: All versions

Cisco SD-WAN vManage: All versions

Cisco SD-WAN vSmart Controller: All versions

Cisco IOS XE SD-WAN: before 16.12.4

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-dosmulti-48jJuEUP


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Link following

EUVDB-ID: #VU50014

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1278

CWE-ID: CWE-59 - Improper Link Resolution Before File Access ('Link Following')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to the absence of validation checks for the input that is used to create symlinks. A local user can create a symlink to a target file on a specific path and cause a denial of service condition on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco SD-WAN vBond Orchestrator: All versions

Cisco SD-WAN vEdge Cloud Router: All versions

Cisco SD-WAN vEdge Routers: All versions

Cisco SD-WAN vManage: All versions

Cisco SD-WAN vSmart Controller: All versions

Cisco SD-WAN: 18.3.0 - 20.3.0

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-dosmulti-48jJuEUP


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Input validation error

EUVDB-ID: #VU50015

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1279

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in the SNMPv3 management feature. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco SD-WAN vBond Orchestrator: All versions

Cisco SD-WAN vEdge Cloud Router: All versions

Cisco SD-WAN vEdge Routers: All versions

Cisco SD-WAN vManage: All versions

Cisco SD-WAN vSmart Controller: All versions

Cisco SD-WAN: 18.3.0 - 20.4.0

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-dosmulti-48jJuEUP


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###