The Cisco SD-WAN vManage management software is impacted by a flaw that allows an unauthenticated, remote attacker to gain read or limited write permissions to the configuration of the affected instance.
Cisco SD-WAN vManage is a cloud-based solution allowing organizations to design, deploy, and manage distributed networks across multiple locations.
vManage instances are deployments that can serve in centralized network management, setting up VPNs, SD-WAN orchestration, system configuration deployment, policy enforcement, etc.
Cisco published a security bulletin yesterday informing of a critical-severity vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage software, tracked as CVE-2023-20214.
The flaw is caused by insufficient request validation when using the REST API feature, which can be exploited by sending a specially crafted API request to the affected vManage instances.
This could enable attackers to read sensitive information from the compromised system, modify certain configurations, disrupt network operations, and more.
“A successful exploit could allow the attacker to retrieve information from and send information to the configuration of the affected Cisco vManage instance,” reads Cisco’s bulletin.
“This vulnerability only affects the REST API and does not affect the web-based management interface or the CLI.”
Fixes and workarounds
Cisco SD-WAN vManage releases affected by CVE-2023-20214 are:
- v220.127.116.11 – fixed in v18.104.22.168
- v20.6.4 – fixed in v22.214.171.124
- v20.6.5 – fixed in v126.96.36.199
- v20.9 – fixed in v188.8.131.52
- v20.10 – fixed in v184.108.40.206
- v20.11 – fixed in v220.127.116.11
Additionally, Cisco SD-WAN vManage versions 20.7 and 20.8 are also impacted, but there won’t be any fixes released for those two, so their users are advised to migrate to a different release.
Versions between 18.x and 20.x not mentioned in the above list aren’t impacted by CVE-2023-20214.
Cisco says there are no workarounds for this vulnerability; however, there are ways to reduce the attack surface significantly.
Network administrators are advised to use access control lists (ACLs) that limit access to vManage instances only to specified IP addresses, shutting the door to external attackers.
Another robust security measure is using API keys to access APIs, a general recommendation by Cisco but not a hard requirement for vManage deployments.
Admins are also instructed to monitor logs to detect attempts to access the REST API, indicating potential vulnerability exploitation.
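An added example, not from the article or from Cisco: one way to combine the ACL and log-monitoring advice above is to flag REST API requests in vmanage-server.log that come from sources outside the allowlisted management addresses. The log line layout, the /dataservice/ path prefix, the networks and the sample lines are assumptions constructed for illustration; adjust the regular expression to the entries your instance actually writes.

```python
import ipaddress
import re
from collections import Counter

# Assumptions, not taken from the article or Cisco documentation: the
# management networks, the log line layout and the sample lines below.
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "192.0.2.10/32")]
API_PREFIX = "/dataservice/"  # assumed path prefix of the vManage REST API
REQUEST_RE = re.compile(
    r"(?P<method>GET|POST|PUT|DELETE)\s+(?P<path>/\S*)\s+from\s+(?P<src>\S+)"
)

# Constructed sample input; real vmanage-server.log entries will look different.
SAMPLE_LOG = """\
12-Jul-2023 09:14:02 INFO Request GET /dataservice/device from 10.20.0.15
12-Jul-2023 09:14:40 INFO Request GET /index.html from 203.0.113.77
12-Jul-2023 09:15:11 INFO Request GET /dataservice/template/device from 203.0.113.77
12-Jul-2023 09:15:12 INFO Request POST /dataservice/template/policy from 203.0.113.77
12-Jul-2023 09:16:30 INFO Request GET /dataservice/device from 192.0.2.10
12-Jul-2023 09:17:05 WARN Request PUT /dataservice/settings from not-an-ip
12-Jul-2023 09:17:06 INFO Scheduler heartbeat ok
"""


def is_allowed(src):
    """True if src parses as an IP address inside an allowlisted network."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparseable source: report it rather than trust it
    return any(addr in net for net in ALLOWED_NETS)


def unexpected_api_clients(log_text):
    """Count REST API requests per (source, method) from outside the allowlist."""
    hits = Counter()
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m or not m["path"].startswith(API_PREFIX):
            continue  # not a request line, or not a REST API path
        if not is_allowed(m["src"]):
            hits[(m["src"], m["method"])] += 1
    return hits


if __name__ == "__main__":
    for (src, method), count in sorted(unexpected_api_clients(SAMPLE_LOG).items()):
        print(f"{src}\t{method}\t{count}")
```

Any source this reports either bypassed the ACL or is missing from the allowlist, and write methods (POST, PUT, DELETE) from such a source deserve review first.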
To view the content of the vmanage-server.log file, use the command
"vmanage# show log /var/log/nms/vmanage-server.log".
Original Post URL: https://www.bleepingcomputer.com/information/safety/cisco-sd-wan-vmanage-impacted-by-unauthenticated-rest-api-access/