Cisco has tackled three vulnerabilities in SD-WAN that could be exploited to compromise routers, controller software, and network management systems.
On Wednesday, Cisco said each bug, deemed "high" risk, impacts vBond Orchestrator, vEdge 100/1000/2000/5000 series routers, the vEdge cloud router platform, Cisco's vManage network management system, and vSmart controller software if they are running SD-WAN software prior to version 19.2.2.
The first vulnerability, tracked as CVE-2020-3266 and awarded a CVSS severity score of 7.8, is a command injection issue in SD-WAN's command-line interface caused by insufficient input validation. If exploited, attackers are able to "inject arbitrary commands that are executed with root privileges," according to the tech giant.
The second security problem addressed by Cisco is CVE-2020-3264. Issued a CVSS score of 7.1, this vulnerability is also caused by insufficient input validation in SD-WAN. If exploited by sending crafted traffic to the software, the bug can trigger a buffer overflow and leak sensitive information.
CVE-2020-3265, issued a CVSS score of 7, is the final bug squashed in Cisco's latest security update.
"The vulnerability is due to insufficient input validation," Cisco says. "An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the attacker to gain root-level privileges."
The security flaws are all deemed important, but it is important to note that attackers must already have some form of authentication and each vulnerability can only be exploited locally.
There are no workarounds for any of the vulnerabilities and Cisco recommends that users accept incoming, automatic software updates to mitigate the risk of exploit.
Cisco thanked Orange Group for reporting the bugs.
Last month, Cisco had to address Kr00k, a severe security flaw in Wi-Fi devices operating with Broadcom or Cypress Wi-Fi chipsets that permits packet decryption over WPA2 Personal/Enterprise Wi-Fi channels. Tracked as CVE-2019-15126, the bug's exploitation could result in data theft and sensitive information disclosure.
Previous and related coverage
- Cisco Live becomes latest conference to go digital due to coronavirus
- Cisco critical bugs: Nexus data center switch software needs patching now
- Cisco patches incoming to address Kr00k vulnerability impacting routers, firewall products
Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0