VMware and Now Cisco SD-WAN Cybersecurity Issues

It has been a big week for cybersecurity in the SD-WAN space. As we’ve mentioned before, SD-WAN is itself a technology often deployed for cybersecurity reasons, and yet it can also pose vulnerability issues.

A few days ago, we reported on VMware SD-WAN issues and said:

Palo Alto Networks discovered a new variant of Mirai that has eight new exploits against a wide range of embedded devices. These newly targeted devices range from wireless presentation systems to set-top-boxes, SD-WANs, and even smart home controllers.
The target, VMware’s SDX line of SD-WAN appliances, now has an updated software version that fixes the vulnerability.

Now there is an issue with Cisco SD-WAN solutions.

Although SD-WAN does not make up a huge amount of Cisco sales at this point, the networking leader put out an alert today relating to cybersecurity across its product line. Of the nine updates suggested, a full three of them, or 33%, were related to SD-WAN.

The vulnerabilities are as follows:

The SD-WAN Solution Privilege Escalation Vulnerability is a vulnerability in the CLI of the Cisco SD-WAN Solution that could allow an authenticated, local attacker to elevate lower-level privileges to the root user on an affected device.

The vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by authenticating to the targeted device and executing commands that could lead to elevated privileges. A successful exploit could allow the attacker to make configuration changes to the system as the root user. The threat is considered Critical.

A second SD-WAN Solution Privilege Escalation Vulnerability is a vulnerability in the vManage web-based UI (Web UI) of the Cisco SD-WAN Solution that could allow an authenticated, remote attacker to gain elevated privileges on an affected vManage device.

The vulnerability is due to a failure to properly authorize certain user actions in the device configuration. An attacker could exploit this vulnerability by logging in to the vManage Web UI and sending crafted HTTP requests to vManage. A successful exploit could allow attackers to gain elevated privileges and make changes to the configuration that they would not normally be authorized to make. The threat is considered High.

The SD-WAN Solution Command Injection Vulnerability is a vulnerability in the vManage web-based UI (Web UI) of the Cisco SD-WAN Solution that could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges.

The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the vManage Web UI. A successful exploit could allow the attacker to execute commands with root privileges. The threat is considered High.

This serves as a reminder of how important it is to patch all systems, SD-WAN and otherwise. Attackers will target whatever they can get into, and once exploits are known, more attackers will target them. This is why it is crucial to patch as fast as you can to keep your enterprise secure.
