Security Updates: Critical Root Vulnerabilities in Cisco SD-WAN Routers

Source: Heise.de added 21st Jan 2021


The network equipment supplier Cisco has closed security vulnerabilities in several products.

Admins of Cisco hardware and software should install the latest security patches. Otherwise, attackers could target networks and, in some cases, execute malicious code and thus take complete control.

Specific information on affected versions and security updates can be found in the security advisories linked below this article.

Execute commands as root

Vulnerabilities classified as "critical" affect DNA Center Command Runner, SD-WAN and Smart Software Manager. In the case of SD-WAN, attackers could attack vEdge routers and vManage software, for example.

The flaw is in the web-based management interface. Due to a lack of input validation, attackers could trigger errors by sending crafted input. After successfully exploiting the vulnerabilities (CVE-2021-1260, CVE-2021-1261, CVE-2021-1262), Cisco says, attackers could perform actions with root privileges.

Via two further vulnerabilities (CVE-2021-1300, CVE-2021-1301), it is conceivable that attackers trigger a memory error by means of manipulated IP traffic and thus execute malicious code with root rights on devices.

The vulnerabilities in DNA Center Command Runner and Smart Software Manager can also allow malicious code to reach systems: Cisco Expressway Software TURN Server Configuration Issue.

Other vulnerabilities

Vulnerabilities classified with the severity "high" affect, among other things, Data Center Network Manager and Web Security Appliance. If attacks are successful, this can lead to DoS states, for example. In addition, attackers could log into Smart Software Manager using static access data.

In addition, Cisco gives tips in an article on how administrators can effectively protect Expressway from external access.

List sorted in descending order according to threat level:

  • SD-WAN Command Injection
  • SD-WAN Buffer Overflow
  • DNA Center Command Runner Command Injection
  • Smart Software Manager Satellite Web UI Command Injection
  • SD-WAN vManage Authorization Bypass
  • Data Center Network Manager Server-Side Request Forgery
  • Data Center Network Manager SQL Injection
  • SD-WAN Denial of Service
  • Smart Software Manager Satellite Static Credential
  • Advanced Malware Protection for Endpoints and Immunet for Windows DLL Hijacking
  • DNA Center Information Disclosure
  • Data Center Network Manager Certificate Validation
  • DNA Center Cross-Site Request Forgery
  • Data Center Network Manager Authorization Bypass
  • Smart Software Manager Satellite SQL Injection
  • SD-WAN vManage Cypher Query Language Injection
  • Unified Communications Products
  • Data Center Network Manager REST API
  • Data Center Network Manager
  • SD-WAN vManage SQL Injection
  • StarOS IPv4 Denial of Service
  • SD-WAN vManage Information Disclosure
  • Data Center Network Manager Information Disclosure
  • SD-WAN vManage Software Path Traversal
  • Elastic Services Controller Denial of Service
  • Umbrella Dashboard Packet Flood
  • Email Security Appliance, Cisco Content Security Management Appliance, and Cisco Web Security Appliance Information Disclosure
  • Web Security Appliance Stored Cross-Site Scripting
  • Smart Software Manager Satellite Open Redirect
  • SD-WAN Information Disclosure
  • DNA Center Privilege Escalation

(of)

Read the full article at Heise.de
