Security bugs in SD-WAN offerings could allow attackers to run malicious code with root privileges or execute malicious CLI commands
Cisco has warned of a number of critical flaws in its software-defined networking for wide-area networks (SD-WAN) products aimed at enterprises.
The company issued patches for eight buffer-overflow and command-injection flaws in its SD-WAN tools.
The most serious of these could allow a remote attacker with valid login credentials to gain root privileges for the execution of malicious code.
“There are no workarounds that address these vulnerabilities,” Cisco said.
Command injection bugs
Cisco said a critical-severity bug in the web-based management interface of its SD-WAN vManage software could allow an authenticated, remote attacker to execute arbitrary commands with root-level privileges.
While the flaw, CVE-2021-1299, can only be exploited with a valid login, it is serious enough to rate 9.9 out of 10 on the CVSS scale, the company said.
It said the vulnerability is due to improper validation of user-supplied input.
“An attacker could exploit this vulnerability by submitting crafted input to the device template configuration,” Cisco said in an advisory.
This flaw affects only the Cisco SD-WAN vManage product, but the company also warned of less severe command injection bugs affecting other SD-WAN products, which it detailed in the advisory.
The firm also detailed a flaw in its SD-WAN products that could allow an unauthenticated, remote attacker to cause a buffer overflow error.
The bug is caused by the incorrect handling of IP traffic, which could be exploited by sending malicious traffic through the device.
A successful exploit could allow the attacker to execute malicious code with root privileges, the company said, giving the flaw, CVE-2021-1300, a score of 9.8 out of 10.
This and other less severe buffer-overflow flaws, which are detailed in Cisco’s advisory, affect Cisco’s IOS XE SD-WAN Software, SD-WAN vBond Orchestrator Software, SD-WAN vEdge Cloud Routers, SD-WAN vEdge Routers, SD-WAN vManage Software and SD-WAN vSmart Controller Software.
Finally, Cisco warned of a critical flaw affecting the Command Runner tool in Cisco DNA Center that could allow an unauthenticated, remote attacker to perform a command injection attack.
The bug is caused by insufficient input validation by the Command Runner tool, which could allow the attacker to execute malicious CLI commands on devices managed by DNA Center.
The flaw, affecting Cisco DNA Center Software releases earlier than 22.214.171.124, merits a severity ranking of 9.6 out of 10, Cisco said in its advisory.
Cisco said it was not aware of any of the flaws being actively exploited.