Cisco Issues Update For ACE, Other Vulnerabilities In SD-WAN vManage

Cisco has issued software updates to address multiple vulnerabilities in their SD-WAN vManage software that could allow remote arbitrary code execution (ACE), unauthorized access to sensitive information, DoS attacks, or gain escalated privileges.

Cisco says that the following products are not affected:

IOS XE SD-WAN Software
SD-WAN cEdge Routers
SD-WAN vBond Orchestrator Software
SD-WAN vEdge Routers
SD-WAN vSmart Controller Software

CVE-2021-1468 – Unauthorized Message Processing Flaw

Security Impact Rating (SIR): Critical.

This is an unauthorized message processing vulnerability affecting devices operating in cluster mode. Due to inadequate authentication checks on user input. It could allow an attacker to remotely send unauthorized messages to the application and execute privileged actions. For example: Creating new accounts with administrator privileges .

CVE-2021-1505 – Privilege Escalation Vulnerability

Security Impact Rating (SIR): Critical.

In cluster mode, this vulnerability could allow an authenticated attacker to remotely bypass authorization checking and gain elevated privileges. This affects the SD-WAN web interface.

CVE-2021-1508 – Unauthorized Access Vulnerability

Security Impact Rating (SIR): High.

In cluster mode, the vulnerability could allow attackers to remotely bypass authorization checking and modify software in such a way that provides them with elevated privileges.

CVE-2021-1275 – API DoS Vulnerability

Security Impact Rating (SIR): High.

This vulnerability exists in one of the Cisco SD-WAN vManage Application Programming Interfaces (API). It allows remote attackers to perpetrate denial of service (DoS) attacks. Cisco said the issue is due to insufficient handling of API requests.

CVE-2021-1506 – Unauthorized Services Access Vulnerability

Security Impact Rating (SIR): High.

This vulnerability affects a service of the Cisco SD-WAN vManage software. It could allow a remote, authenticated attacker to gain unauthorized access to services on the affected device.

Cisco has published a list of products affected by the vulnerability, and all of the issues above are addressed by the updates.

Stellantis Moves Forward With Semi-Solid-State Batteries

China Cracks Down On Self-Driving Car Claims

New Chipolo Tracker Works With Both iPhone And Android Networks

Meta

Featured Posts

Stellantis Moves Forward With Semi-Solid-State Batteries

China Cracks Down On Self-Driving Car Claims

New Chipolo Tracker Works With Both iPhone And Android Networks

Let`s Get Social

Cisco Issues Update For ACE, Other Vulnerabilities In SD-WAN vManage

CVE-2021-1468 – Unauthorized Message Processing Flaw

CVE-2021-1505 – Privilege Escalation Vulnerability

CVE-2021-1508 – Unauthorized Access Vulnerability

CVE-2021-1275 – API DoS Vulnerability

CVE-2021-1506 – Unauthorized Services Access Vulnerability

Dell Issues Update For Severe Privilege Escalation Vulnerabilities

Solar Carports Are A Brilliant Way To Protect Your Car

Leave a ReplyCancel reply

Meta

Featured Posts

Let`s Get Social

Cisco Issues Update For ACE, Other Vulnerabilities In SD-WAN vManage

CVE-2021-1468 – Unauthorized Message Processing Flaw

CVE-2021-1505 – Privilege Escalation Vulnerability

CVE-2021-1508 – Unauthorized Access Vulnerability

CVE-2021-1275 – API DoS Vulnerability

CVE-2021-1506 – Unauthorized Services Access Vulnerability

Share this article

Dell Issues Update For Severe Privilege Escalation Vulnerabilities

Solar Carports Are A Brilliant Way To Protect Your Car

Leave a ReplyCancel reply

Read next