SB2021050616 - Multiple vulnerabilities in Cisco SD-WAN vManage
Published: May 6, 2021
Description
This security bulletin contains information about 11 security vulnerabilities.
1) Improper access control (CVE-ID: CVE-2021-1508)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in the cluster mode management interface. A remote attacker can bypass implemented security restrictions and gain unauthorized access to the application.
2) Improper access control (CVE-ID: CVE-2021-1506)
The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions within the cluster mode management interface. A remote user can bypass implemented security restrictions and gain unauthorized access to the application.
3) Security restrictions bypass (CVE-ID: CVE-2021-1505)
The vulnerability allows a remote user to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions in the web-based management interface of Cisco SD-WAN vManage Software. A remote user can escalate privileges on the system.
4) Improper Authentication (CVE-ID: CVE-2021-1468)
The vulnerability allows a remote attacker to bypass the authentication process.
The vulnerability exists due to an error when processing authentication requests in the cluster mode management interface. A remote attacker can bypass the authentication process and compromise the affected system.
5) Resource management error (CVE-ID: CVE-2021-1275)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources when processing API requests. A remote attacker can send multiple API requests to the application and perform a denial of service (DoS) attack.
6) Improper Authentication (CVE-ID: CVE-2021-1284)
The vulnerability allows a remote attacker to bypass the authentication process.
The vulnerability exists due to an error when processing authentication requests. A remote attacker on the local network can bypass the authentication process and modify the configuration of an affected system.
Successful exploitation of the vulnerability may result in full system compromise.
7) Improper access control (CVE-ID: CVE-2021-1515)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions to API endpoints. A remote non-authenticated attacker can bypass implemented security restrictions and gain access to sensitive information.
8) Stored cross-site scripting (CVE-ID: CVE-2021-1507)
The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in a user's browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
9) Improper Authorization (CVE-ID: CVE-2021-1535)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to the absence of authentication for sensitive information in the cluster management interface. A remote non-authenticated attacker can send a specially crafted request to the cluster management interface and gain access to sensitive information.
To exploit the vulnerability, the vManage Software must be in cluster mode.
10) Improper Authorization (CVE-ID: CVE-2021-1234)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to the absence of authentication for sensitive information in the cluster management interface. A remote attacker can send a specially crafted request to the management interface and gain access to sensitive information.
Note: successful exploitation of the vulnerability requires that vManage software is in cluster mode.
11) Information disclosure (CVE-ID: CVE-2021-1486)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to improper handling of HTTP headers. A remote attacker can send specially crafted HTTP requests and enumerate user accounts based on responses sent by the application.
Remediation
Install the update from the vendor's website.
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-vmanage-4TbynnhZ
- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvu28360
- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvu28402
- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvu28390
- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvu28454
- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv67264
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdw-auth-bypass-65aYqcS2
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-vmanage-9VZO4gfU
- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvu28372
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-xss-eN75jxtW
- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvu28350
- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx24115
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vmanageinfdis-LKrFpbv
- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw11097
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vmaninfdis3-OvdR6uu8
- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvu28438
- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvu28450
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-enumeration-64eNnDKy
- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx21265