Vulnerabilities in Cisco SD-WAN Allow Arbitrary Code Execution


Cisco has patched a number of critical vulnerabilities in its software-defined wide area network (SD-WAN) solutions for business users.


A total of eight SD-WAN buffer overflow and command execution vulnerabilities were addressed. The most dangerous problems can be exploited by a remote unauthorized attacker to execute arbitrary code on a vulnerable system with superuser rights.


One of the critical vulnerabilities (CVE-2021-1299) is contained in the web-based management interface of the Cisco SD-WAN vManage software. The issue scored 9.9 out of 10 on the CVSS scale and could allow an authenticated remote attacker to gain root-level access to a vulnerable system and execute arbitrary commands as superuser.


The problem is related to incorrect validation of the input data for the configuration of the device template. An attacker could exploit this vulnerability by sending specially crafted input to the device template configuration.


Another critical buffer overflow vulnerability (CVE-2021-1300) was rated 9.8 out of 10 on the CVSS scale and is associated with incorrect processing of IP traffic. An attacker could exploit the vulnerability by sending specially crafted IP traffic to a vulnerable device, causing a processing buffer overflow. Ultimately, this allows the attacker to execute arbitrary code with superuser rights.


The issues affect the following products when they run a vulnerable SD-WAN software release: IOS XE SD-WAN Software, SD-WAN vBond Orchestrator Software, SD-WAN vEdge Cloud Routers, SD-WAN vEdge Routers, SD-WAN vManage Software, and SD-WAN vSmart Controller Software.


Three other critical vulnerabilities (CVE-2021-1138, CVE-2021-1140, and CVE-2021-1142) have been patched in the Cisco Smart Software Manager satellite and scored 9.8 out of 10 on the CVSS scale. They are tied to the Cisco Smart Software Manager web user interface and can allow a remote, unauthorized attacker to execute arbitrary commands as a highly privileged user on a vulnerable device.


The issues affect Cisco Smart Software Manager Satellite 5.1.0 and later, and have been fixed in 6.3.0 and earlier.


Another issue was found in the Command Runner tool in the Cisco DNA Center. The vulnerability (CVE-2021-1264) scored 9.6 out of 10 on the CVSS scale and affects all versions of Cisco DNA Center software older than 1.3.1.0. The vulnerability was fixed in software versions 1.3.1.0 and earlier.


The issue is related to incorrect validation of input data by the Command Runner tool, which allows users to send diagnostic CLI commands to selected devices. Successful exploitation allows arbitrary CLI commands to be executed on devices running Cisco DNA Center.
