Cisco has released two critical warnings about security issues with its SD-WAN and DNA Center software packages.
The more severe, with a Common Vulnerability Scoring System (CVSS) rating of 9.3 out of 10, is a vulnerability in its Digital Network Architecture (DNA) Center software that could let an unauthenticated attacker connect an unauthorised network device to the subnet designated for cluster services.
A successful exploit could let an attacker reach internal services that are not hardened for external access, Cisco stated. The vulnerability is due to insufficient access restriction on ports necessary for system operation; the company said it discovered the issue during internal security testing.
Cisco DNA Center gives IT teams the ability to control access through policies using Software-Defined Access, automatically provision through Cisco DNA Automation, virtualise devices through Cisco Network Functions Virtualization (NFV), and lower security risks through segmentation and Encrypted Traffic Analysis.
This vulnerability affects Cisco DNA Center Software releases prior to 1.3, and it is fixed in version 1.3 and releases after that.
Cisco wrote that system updates are available from the Cisco cloud but not from the Software Center on Cisco.com. To upgrade to a fixed release of Cisco DNA Center Software, administrators can use the “System Updates” feature of the software.
A second critical warning – with a CVSS score of 7.8 – is a weakness in the command-line interface of the Cisco SD-WAN Solution that could let an authenticated local attacker elevate lower-level privileges to the root user on an affected device.
Cisco wrote that the vulnerability is due to insufficient authorisation enforcement. An attacker could exploit this vulnerability by authenticating to the targeted device and executing commands that could lead to elevated privileges.
A successful exploit could let the attacker make configuration changes to the system as the root user, the company stated.
This vulnerability affects a range of Cisco products running a release of the Cisco SD-WAN Solution prior to Releases 18.3.6, 18.4.1, and 19.1.0, including:
- vBond Orchestrator Software
- vEdge 100 Series Routers
- vEdge 1000 Series Routers
- vEdge 2000 Series Routers
- vEdge 5000 Series Routers
- vEdge Cloud Router Platform
- vManage Network Management Software
- vSmart Controller Software
Cisco said it has released free software updates that address the vulnerability described in this advisory. Cisco wrote that it fixed this vulnerability in Release 18.4.1 of the Cisco SD-WAN Solution. The two critical warnings were included in a dump of nearly 30 security advisories.
There were two other “High” impact rated warnings involving the SD-WAN software.
One, a vulnerability in the vManage web-based UI (Web UI) of the Cisco SD-WAN Solution, could let an authenticated, remote attacker gain elevated privileges on an affected vManage device, Cisco wrote.
The vulnerability is due to a failure to properly authorise certain user actions in the device configuration. An attacker could exploit this vulnerability by logging in to the vManage Web UI and sending crafted HTTP requests to vManage.
A successful exploit could let attackers gain elevated privileges and make changes to the configuration that they would not normally be authorised to make, Cisco stated.
Another vulnerability in the vManage web-based UI could let an authenticated, remote attacker inject arbitrary commands that are executed with root privileges.
This exposure is due to insufficient input validation, Cisco wrote. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the vManage Web UI.
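The two vManage Web UI weaknesses described above share a pattern: a request handler that trusts the client for an authorisation decision, and one that passes unvalidated input into a command run as root. The following is an added illustration written for this article, not Cisco's code and not a description of how vManage is implemented. It uses a constructed policy table (`ACTION_ROLES`), constructed users, and a fictitious `config-tool` binary to contrast a handler with both defects against one that checks the session's role server-side, validates each field against an allowlist pattern, and builds an argument list rather than a shell string.

```python
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    """Constructed session user; the role is established at login, not per request."""
    name: str
    role: str  # "viewer" or "admin"


# Assumed server-side policy: which roles may perform which configuration actions.
ACTION_ROLES = {
    "show_interface": {"viewer", "admin"},
    "set_hostname": {"admin"},
}

# Allowlist patterns for the one value each action accepts.
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9-]{0,62}$")
IFACE_RE = re.compile(r"^[a-z]+[0-9/]*$")


class AuthorizationError(Exception):
    pass


class ValidationError(Exception):
    pass


def vulnerable_build(request: dict) -> str:
    """Handler with both defects (returns the command string, never executes it).

    Defect 1: the role is read from the request body, so any logged-in user can
    claim "admin". Defect 2: the raw value is interpolated into a shell string,
    so metacharacters in it become additional commands for the root-run tool.
    """
    action = request["action"]
    if request.get("role") not in ACTION_ROLES.get(action, set()):
        raise AuthorizationError("denied")
    if action == "set_hostname":
        return f"config-tool set hostname {request['value']}"
    return f"config-tool show interface {request['value']}"


def authorize(session_user: User, action: str) -> None:
    """Server-side check: the role comes from the authenticated session."""
    allowed = ACTION_ROLES.get(action)
    if allowed is None or session_user.role not in allowed:
        raise AuthorizationError(
            f"{session_user.name} ({session_user.role}) may not {action}")


def hardened_build(session_user: User, request: dict) -> list[str]:
    """Hardened handler: authorise from the session, validate the value against
    an allowlist, and return an argv list to run with shell=False."""
    action = request["action"]
    authorize(session_user, action)
    value = str(request.get("value", ""))
    if action == "set_hostname":
        if not HOSTNAME_RE.fullmatch(value):
            raise ValidationError("hostname contains disallowed characters")
        return ["config-tool", "set", "hostname", value]
    if action == "show_interface":
        if not IFACE_RE.fullmatch(value):
            raise ValidationError("interface name contains disallowed characters")
        return ["config-tool", "show", "interface", value]
    raise ValidationError(f"unknown action {action!r}")


def hardened_outcome(session_user: User, request: dict) -> str:
    """Map the hardened handler's result to a label for logging or testing."""
    try:
        hardened_build(session_user, request)
    except AuthorizationError:
        return "denied"
    except ValidationError:
        return "rejected"
    return "ok"


VIEWER = User("ops-viewer", "viewer")   # constructed
ADMIN = User("net-admin", "admin")      # constructed

if __name__ == "__main__":
    # A viewer session whose request body claims the admin role and carries a
    # shell metacharacter in the value (constructed sample input).
    crafted = {"role": "admin", "action": "set_hostname", "value": "core1; id"}
    print("vulnerable:", vulnerable_build(crafted))
    print("hardened (viewer session):", hardened_outcome(VIEWER, crafted))
    print("hardened (admin session): ", hardened_outcome(ADMIN, crafted))
    print("hardened (admin, clean):  ",
          hardened_build(ADMIN, {"action": "set_hostname", "value": "core1"}))
```

The argv list returned by `hardened_build` is meant to be handed to `subprocess.run(argv)` with the default `shell=False`, so the value reaches the tool as a single argument even if validation were loosened later; the allowlist check and the session-based authorisation are the two controls that address the two advisories' root causes independently.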
Both vulnerabilities affect Cisco vManage Network Management Software that is running a release of the Cisco SD-WAN Solution prior to Release 18.4.0, and Cisco has released free software updates to correct them.
Other high-rated vulnerabilities Cisco disclosed included:
- A vulnerability in the Cisco Discovery Protocol (CDP) implementation for the Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software could allow an unauthenticated, adjacent attacker to inject arbitrary shell commands that are executed by the device.
- A weakness in the internal packet-processing functionality of the Cisco StarOS operating system running on virtual platforms could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service (DoS) condition.
- A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition.
Cisco has released software fixes for those advisories as well.