Cisco has patched a clutch of high-priority vulnerabilities in its SD-WAN routers and their management software that admins will want to apply as soon as possible.
SD-WAN is a technology that allows large companies to manage different types of Wide Area Network (WAN) communications links such as carrier MPLS, conventional broadband, and mobile 4G as a single virtual entity.
Making SD-WAN work requires specific routers that support it, spread out across the WAN, as well as management software to interact with this infrastructure. It is this software that is vulnerable.
There are five CVEs in total, three of which are rated high, including CVE-2020-3266, which has a CVSS severity score of 7.8.
CVE-2020-3266 is a privilege escalation vulnerability in the SD-WAN management software used with a range of Cisco routers, including the vEdge 100 Series, 1000 Series, 2000 Series, 5000 Series, and Cloud Router.
Also affected are the vBond Orchestrator, vManage Network Management System, and vSmart Controller software.
The other four CVEs are:
- CVE-2020-3264, a buffer overflow affecting the same products, rated high priority.
- CVE-2020-3265, another privilege escalation issue affecting the same products, rated high, which could allow a “local attacker to elevate privileges to root on the underlying operating system.”
- CVE-2019-16010, a cross-site scripting (XSS) issue affecting the vManage user interface exploitable by persuading a user to click on a malicious link.
- CVE-2019-16012, a SQL injection flaw affecting vManage which could allow an attacker to send malicious SQL queries to an unpatched system.
What to do
There are no workarounds for any of these – all of them must be patched to address the vulnerabilities. So far, none are being exploited in the wild.
For all products, the solution is to upgrade to vManage version 19.2.2, although how this is done varies slightly from router to router.
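As an added illustration of the “upgrade to 19.2.2” step (this is example code, not from the article or from Cisco), here is a small Python check that walks an inventory of SD-WAN components and flags any running a release older than the fixed one. The inventory format, hostnames, roles and version numbers are constructed assumptions; the only value taken from the article is the fixed release, 19.2.2. It goes slightly beyond the text by showing why release strings have to be compared numerically rather than as plain text.

```python
"""Added example, not code from the article: flag SD-WAN components in a
constructed inventory that run a release older than the 19.2.2 fix."""
from __future__ import annotations

from dataclasses import dataclass

# Fixed release named in the article for vManage and the other components.
FIXED_VERSION = "19.2.2"


def parse_version(version: str) -> tuple[int, ...]:
    """Split a dotted release string into integers.

    Comparing the raw strings is a classic mistake: "19.2.10" < "19.2.2" is
    True as text, so a newer build would wrongly be flagged as unpatched.
    Tuples of ints compare component by component, which is what we want.
    (Simplification: real release strings may carry suffixes; this helper
    assumes plain dotted integers.)
    """
    return tuple(int(part) for part in version.strip().split("."))


def needs_upgrade(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True when `version` is older than the fixed release."""
    return parse_version(version) < parse_version(fixed)


@dataclass
class Device:
    hostname: str
    role: str      # hypothetical role label, e.g. vManage, vSmart, vBond, vEdge
    version: str   # release currently running on the device


# Constructed sample inventory: hypothetical hostnames and versions.
SAMPLE_INVENTORY = [
    Device("vmanage-01", "vManage", "19.2.1"),
    Device("vsmart-01", "vSmart", "19.2.2"),
    Device("vbond-01", "vBond", "18.4.5"),
    Device("vedge-branch-07", "vEdge 1000", "19.2.10"),
]


def unpatched(devices: list[Device]) -> list[str]:
    """Return the hostnames that still need the upgrade, in inventory order."""
    return [d.hostname for d in devices if needs_upgrade(d.version)]


if __name__ == "__main__":
    for host in unpatched(SAMPLE_INVENTORY):
        print(f"{host}: upgrade required (below {FIXED_VERSION})")
```

Run it against a real export from your own inventory by replacing `SAMPLE_INVENTORY`; the numeric comparison is the part worth keeping, since a text sort of version strings would misclassify any component whose last field has more digits than the fix.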
The fixes follow a big round from earlier this month affecting Cisco’s WebEx conferencing software that admins won’t want to skip given the increased demand for this service right now.
Larry Marks
First line: “routes” should be “routers”.
Paul Ducklin
Fixed, thanks!