HomeWarnings/AdvisoriesHacking
Warnings/AdvisoriesHacking

Cisco Issues Update For ACE, Other Vulnerabilities In SD-WAN vManage

By Nicholas Brown
0
708
Network switch in a data center
Network cable in switch and firewall in cloud computing data center server rack. Image credit: kenny001 via Bigstock.

Cisco has issued software updates to address multiple vulnerabilities in their SD-WAN vManage software that could allow remote arbitrary code execution (ACE), unauthorized access to sensitive information, DoS attacks, or gain escalated privileges.

Cisco says that the following products are not affected:

  • IOS XE SD-WAN Software
  • SD-WAN cEdge Routers
  • SD-WAN vBond Orchestrator Software
  • SD-WAN vEdge Routers
  • SD-WAN vSmart Controller Software

CVE-2021-1468 – Unauthorized Message Processing Flaw

Security Impact Rating (SIR): Critical.

This is an unauthorized message processing vulnerability affecting devices operating in cluster mode. Due to inadequate authentication checks on user input. It could allow an attacker to remotely send unauthorized messages to the application and execute privileged actions. For example: Creating new accounts with administrator privileges .

CVE-2021-1505 – Privilege Escalation Vulnerability

Security Impact Rating (SIR): Critical.

In cluster mode, this vulnerability could allow an authenticated attacker to remotely bypass authorization checking and gain elevated privileges. This affects the SD-WAN web interface.

CVE-2021-1508 – Unauthorized Access Vulnerability

Security Impact Rating (SIR): High.

In cluster mode, the vulnerability could allow attackers to remotely bypass authorization checking and modify software in such a way that provides them with elevated privileges.

CVE-2021-1275 – API DoS Vulnerability

Security Impact Rating (SIR): High.

This vulnerability exists in one of the Cisco SD-WAN vManage Application Programming Interfaces (API). It allows remote attackers to perpetrate denial of service (DoS) attacks. Cisco said the issue is due to insufficient handling of API requests.

CVE-2021-1506 – Unauthorized Services Access Vulnerability

Security Impact Rating (SIR): High.

This vulnerability affects a service of the Cisco SD-WAN vManage software. It could allow a remote, authenticated attacker to gain unauthorized access to services on the affected device.

Cisco has published a list of products affected by the vulnerability, and all of the issues above are addressed by the updates.

Previous article
Dell Issues Update For Severe Privilege Escalation Vulnerabilities
Next article
Solar Carports Are A Brilliant Way To Protect Your Car
Nicholas Brown
Nicholas Brown has written for LDA, CleanTechnica, Gas2, the Texas Instruments blog, and Green Building Elements. He has a keen interest in science, technology, and the energy industry. Contact

Related Articles

Latest Articles

Load more

Kompulsa is a technology resource aimed at helping you to understand your world. Topics covered include electronics, science, blockchain, engineering, and much more!

Contact us: nicholas@kompulsa.com

Copyright © 2023 - Kompulsa.com.