
The Cisco SD-WAN vManage management software is affected by a flaw that allows an unauthenticated, remote attacker to gain read or limited write permissions to the configuration of the affected instance.
Cisco SD-WAN vManage is a cloud-based solution that lets organizations design, deploy, and manage distributed networks across multiple locations.
vManage instances are deployments that can serve in centralized network management, setting up VPNs, SD-WAN orchestration, device configuration deployment, policy enforcement, and more.
Cisco published a security bulletin yesterday informing of a critical-severity vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage software, tracked as CVE-2023-20214.
The flaw is caused by insufficient request validation when using the REST API feature, which can be exploited by sending a specially crafted API request to the affected vManage instances.
This could allow attackers to read sensitive information from the compromised system, modify certain configurations, disrupt network operations, and more.
“A successful exploit could allow the attacker to retrieve information from and send information to the configuration of the affected Cisco vManage instance,” reads Cisco’s bulletin.
“This vulnerability only affects the REST API and does not affect the web-based management interface or the CLI.”
Fixes and workarounds
Cisco SD-WAN vManage releases affected by CVE-2023-20214 are:
- v20.6.3.3 – fixed in v20.6.3.4
- v20.6.4 – fixed in v20.6.4.2
- v20.6.5 – fixed in v20.6.5.5
- v20.9 – fixed in v20.9.3.2
- v20.10 – fixed in v20.10.1.2
- v20.11 – fixed in v20.11.1.2
Moreover, Cisco SD-WAN vManage versions 20.7 and 20.8 are also impacted, but no fixes will be released for these two, so their users are advised to migrate to a different release.
Versions between 18.x and 20.x not mentioned in the above list are not impacted by CVE-2023-20214.
Cisco says there are no workarounds for this vulnerability; however, there are ways to reduce the attack surface considerably.
Network administrators are advised to use access control lists (ACLs) that limit access to vManage instances only to specified IP addresses, shutting the door to external attackers.
Another strong security measure is using API keys to access APIs, a general recommendation by Cisco but not a hard requirement for vManage deployments.
Admins are also instructed to monitor logs to detect attempts to access the REST API, indicating potential vulnerability exploitation.
To view the contents of the vmanage-server.log file, use the command "vmanage# show log /var/log/nms/vmanage-server.log".
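The log-monitoring and ACL advice above can be combined into a simple check: flag REST API requests that come from outside the administrative networks. The following is an added example, not code from the article or from Cisco; the log line format is constructed for illustration (real vmanage-server.log entries differ, so the regex must be adapted), and the /dataservice/ prefix is assumed to be the vManage REST API base path.

```python
"""Flag REST API access to a vManage instance from outside an admin allowlist.

Added example (not from the article or from Cisco). The log line format below
is CONSTRUCTED for illustration; real vmanage-server.log entries differ, so
adapt LOG_RE to the actual format. The /dataservice/ prefix is an assumption
about the vManage REST API base path.
"""
import ipaddress
import re

# Constructed sample lines: "<date> <time> <level> client=<ip> <method> <path>"
SAMPLE_LOG = """\
2023-07-13 10:01:02 INFO client=10.1.1.5 GET /dataservice/device
2023-07-13 10:01:07 INFO client=203.0.113.44 POST /dataservice/template/device/config/attachfeature
2023-07-13 10:01:09 INFO client=10.1.1.9 GET /login
2023-07-13 10:01:15 INFO client=198.51.100.7 GET /dataservice/settings/configuration
"""

# Assumed admin networks (the ACL allowlist the article recommends); adjust per environment.
ADMIN_NETWORKS = [ipaddress.ip_network("10.1.1.0/24")]
API_PREFIX = "/dataservice/"  # assumed REST API base path

LOG_RE = re.compile(
    r"^(?P<ts>\S+ \S+) \S+ client=(?P<ip>\S+) (?P<method>[A-Z]+) (?P<path>\S+)"
)


def is_allowed(ip: str) -> bool:
    """True if the source address falls inside one of the admin networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ADMIN_NETWORKS)


def find_external_api_access(log_text: str) -> list[dict]:
    """Return REST API requests whose source address is outside the allowlist."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not carry a request record
        if not m["path"].startswith(API_PREFIX):
            continue  # web UI / login traffic is out of scope for this check
        if is_allowed(m["ip"]):
            continue  # expected administrative access
        hits.append({"ts": m["ts"], "ip": m["ip"], "method": m["method"], "path": m["path"]})
    return hits


if __name__ == "__main__":
    for h in find_external_api_access(SAMPLE_LOG):
        print(f"{h['ts']} {h['ip']} {h['method']} {h['path']}")
```

Any hit is worth correlating with the ACL configuration: if the source address should have been blocked, the ACL is not doing its job; if it is a legitimate integration, add its address to the allowlist rather than leaving the API open.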
