-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.2424
 14 vulnerabilities ranked High or lower patched in Cisco SD-WAN products
                               16 July 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           SD-WAN products
Publisher:         Cisco Systems
Operating System:  Cisco
Impact/Access:     Root Compromise          -- Remote/Unauthenticated
                   Modify Arbitrary Files   -- Existing Account      
                   Denial of Service        -- Remote/Unauthenticated
                   Cross-site Scripting     -- Existing Account      
                   Access Confidential Data -- Existing Account      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-3468 CVE-2020-3437 CVE-2020-3406
                   CVE-2020-3405 CVE-2020-3401 CVE-2020-3388
                   CVE-2020-3387 CVE-2020-3385 CVE-2020-3381
                   CVE-2020-3379 CVE-2020-3372 CVE-2020-3369
                   CVE-2020-3351 CVE-2020-3180 

Original Bulletin: 
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdw-dos-KWOdyHnB
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmpresc-SyzcS4kC
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdscred-HfWWfqBj
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fpdos-hORBfd9f
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vedgfpdos-PkqQrnwV
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clibypvman-sKcLf2L
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanxss-z7bhvHpy
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-emvman-3y6LuTcZ
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmdirtrav-eFdAxsJg
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanwebid-5QWMcCvt
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmandowndir-CVGvdKM3
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanrce-4jtWT28P
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-v78FubGV
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanxml-Aj4GFEKd

Comment: This bulletin contains fourteen Cisco Systems security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

Cisco SD-WAN Solution Software Denial of Service Vulnerability

Priority:        High

Advisory ID:     cisco-sa-sdw-dos-KWOdyHnB

First Published: 2020 July 15 16:00 GMT

Version 1.0:     Final

Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvj14805 

CVE-2020-3351    

CWE-399

CVSS Score:
8.6  AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:X/RL:X/RC:X

Summary

  o A vulnerability in Cisco SD-WAN Solution Software could allow an
    unauthenticated, remote attacker to cause a denial of service (DoS)
    condition.

    The vulnerability is due to improper validation of fields in Cisco SD-WAN
    peering messages that are encapsulated in UDP packets. An attacker could
    exploit this vulnerability by sending crafted UDP messages to the targeted
    system. A successful exploit could allow the attacker to cause services on
    the device to fail, resulting in a DoS condition that could impact the
    targeted device and other devices that depend on it.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdw-dos-KWOdyHnB

Affected Products

  o Vulnerable Products

    This vulnerability affects the following Cisco products if they are running
    a Cisco SD-WAN Solution Software release earlier than Release 17.2.7 or
    18.3.0:

       SD-WAN vBond Orchestrator Software
       SD-WAN vEdge 100 Series Routers
       SD-WAN vEdge 1000 Series Routers
       SD-WAN vEdge 2000 Series Routers
       SD-WAN vEdge 5000 Series Routers
       SD-WAN vEdge Cloud Router
       SD-WAN vManage Software
       SD-WAN vSmart Controller Software

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect Cisco IOS XE
    SD-WAN Software.

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o Cisco has released free software updates that address the vulnerability
    described in this advisory. Customers may only install and expect support
    for software versions and feature sets for which they have purchased a
    license. By installing, downloading, accessing, or otherwise using such
    software upgrades, customers agree to follow the terms of the Cisco
    software license:
    https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

    Additionally, customers may only download software for which they have a
    valid license, procured from Cisco directly, or through a Cisco authorized
    reseller or partner. In most cases this will be a maintenance upgrade to
    software that was previously purchased. Free security software updates do
    not entitle customers to a new software license, additional software
    feature sets, or major revision upgrades.

    When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories page, to determine exposure and a complete
    upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service
    contract and customers who make purchases through third-party vendors but
    are unsuccessful in obtaining fixed software through their point of sale
    should obtain upgrades by contacting the Cisco TAC:
    https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared
    to provide the URL of this advisory as evidence of entitlement to a free
    upgrade.

    Fixed Releases

    Cisco fixed this vulnerability in Cisco SD-WAN Solution Software releases
    17.2.7 and later and releases 18.3.0 and later.

    To ensure a complete upgrade solution, consider that this advisory is part
    of a collection that includes the following advisories:

       cisco-sa-sdw-dos-KWOdyHnB : Cisco SD-WAN Solution Software Denial of
        Service Vulnerability
       cisco-sa-sdscred-HfWWfqBj : Cisco SD-WAN Solution Software Static
        Credentials Vulnerability
       cisco-sa-vedgfpdos-PkqQrnwV : Cisco SD-WAN vEdge Routers Denial of
        Service Vulnerability
       cisco-sa-fpdos-hORBfd9f : Cisco SD-WAN vEdge Routers Denial of Service
        Vulnerability
       cisco-sa-clibypvman-sKcLf2L : Cisco SD-WAN vManage Software Command
        Injection Vulnerability
       cisco-sa-vmdirtrav-eFdAxsJg : Cisco SD-WAN vManage Software Directory
        Traversal Vulnerability
       cisco-sa-vmanrce-4jtWT28P : Cisco SD-WAN vManage Software Remote Code
        Execution Vulnerability

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o This vulnerability was found during internal security testing.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdw-dos-KWOdyHnB

Revision History

  o +----------+---------------------------+----------+--------+--------------+
    | Version  |        Description        | Section  | Status |     Date     |
    +----------+---------------------------+----------+--------+--------------+
    | 1.0      | Initial public release.   | -        | Final  | 2020-JUL-15  |
    +----------+---------------------------+----------+--------+--------------+

- --------------------------------------------------------------------------------

Cisco SD-WAN Solution Software Privilege Escalation Vulnerability

Priority:        Medium

Advisory ID:     cisco-sa-vmpresc-SyzcS4kC

First Published: 2020 July 15 16:00 GMT

Version 1.0:     Final

Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvi69987 

CVE-2020-3379    

CWE-264

CVSS Score:
5.3  AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:X

Summary

  o A vulnerability in Cisco SD-WAN Solution Software could allow an
    authenticated, local attacker to elevate privileges to Administrator on the
    underlying operating system.

    The vulnerability is due to insufficient input validation. An attacker
    could exploit this vulnerability by sending a crafted request to an
    affected system. A successful exploit could allow the attacker to gain
    administrative privileges.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmpresc-SyzcS4kC

Affected Products

  o Vulnerable Products

    At the time of publication, this vulnerability affected the following Cisco
    products if they were running Cisco SD-WAN Solution Software releases
    earlier than Release 18.3.0:

       SD-WAN vBond Orchestrator Software
       SD-WAN vEdge Routers
       SD-WAN vManage Software
       SD-WAN vSmart Controller Software

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories page, to determine exposure and a complete
    upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Fixed Releases

    At the time of publication, Cisco SD-WAN Solution Software releases 18.3.0
    and later contained the fix for this vulnerability.

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o This vulnerability was found during internal security testing.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmpresc-SyzcS4kC

Revision History

  o +----------+---------------------------+----------+--------+--------------+
    | Version  |        Description        | Section  | Status |     Date     |
    +----------+---------------------------+----------+--------+--------------+
    | 1.0      | Initial public release.   | -        | Final  | 2020-JUL-15  |
    +----------+---------------------------+----------+--------+--------------+

- --------------------------------------------------------------------------------

Cisco SD-WAN Solution Software Static Credentials Vulnerability

Priority:        High

Advisory ID:     cisco-sa-sdscred-HfWWfqBj

First Published: 2020 July 15 16:00 GMT

Version 1.0:     Final

Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvi59720 CSCvi85074 

CVE-2020-3180    

CWE-264

CVSS Score:
8.4  AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X

Summary

  o A vulnerability in Cisco SD-WAN Solution Software could allow an
    unauthenticated, local attacker to access an affected device by using an
    account that has a default, static password. This account has root 
    privileges.

    The vulnerability exists because the affected software has a user account
    with a default, static password. An attacker could exploit this
    vulnerability by remotely connecting to an affected system by using this
    account. A successful exploit could allow the attacker to log in by using
    this account with root privileges.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdscred-HfWWfqBj

Affected Products

  o Vulnerable Products

    This vulnerability affects the following Cisco products:

       SD-WAN vBond Orchestrator Software
       SD-WAN vEdge Routers
       SD-WAN vManage Software
       SD-WAN vSmart Controller Software

    For information about which Cisco software releases are vulnerable, see the
    Fixed Software section of this advisory.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect Cisco IOS XE
    SD-WAN Software or Cisco SD-WAN cEdge Routers.

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o Cisco has released free software updates that address the vulnerability
    described in this advisory. Customers may only install and expect support
    for software versions and feature sets for which they have purchased a
    license. By installing, downloading, accessing, or otherwise using such
    software upgrades, customers agree to follow the terms of the Cisco
    software license:
    https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

    Additionally, customers may only download software for which they have a
    valid license, procured from Cisco directly, or through a Cisco authorized
    reseller or partner. In most cases this will be a maintenance upgrade to
    software that was previously purchased. Free security software updates do
    not entitle customers to a new software license, additional software
    feature sets, or major revision upgrades.

    When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories page, to determine exposure and a complete
    upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service
    contract and customers who make purchases through third-party vendors but
    are unsuccessful in obtaining fixed software through their point of sale
    should obtain upgrades by contacting the Cisco TAC:
    https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared
    to provide the URL of this advisory as evidence of entitlement to a free
    upgrade.

    Fixed Releases

    Customers are advised to upgrade to an appropriate fixed software release
    as indicated in the following table(s). To ensure a complete upgrade
    solution, consider that this advisory is part of a collection that includes
    the following advisories:

       cisco-sa-sdw-dos-KWOdyHnB : Cisco SD-WAN Solution Software Denial of
        Service Vulnerability
       cisco-sa-sdscred-HfWWfqBj : Cisco SD-WAN Solution Software Static
        Credentials Vulnerability
       cisco-sa-vedgfpdos-PkqQrnwV : Cisco SD-WAN vEdge Routers Denial of
        Service Vulnerability
       cisco-sa-fpdos-hORBfd9f : Cisco SD-WAN vEdge Routers Denial of Service
        Vulnerability
       cisco-sa-clibypvman-sKcLf2L : Cisco SD-WAN vManage Software Command
        Injection Vulnerability
       cisco-sa-vmdirtrav-eFdAxsJg : Cisco SD-WAN vManage Software Directory
        Traversal Vulnerability
       cisco-sa-vmanrce-4jtWT28P : Cisco SD-WAN vManage Software Remote Code
        Execution Vulnerability

    SD-WAN vBond, vEdge, and vSmart Software

    +----------------------+-----------------------------+----------------------------------+
    | Cisco SD-WAN vBond,  | First Fixed                 | First Fixed Release for All      |
    | vEdge, or vSmart     | Release for This            | Vulnerabilities Described in the |
    | Software Release     | Vulnerability               | Collection of Advisories         |
    +----------------------+-----------------------------+----------------------------------+
    | Earlier than 18.3    | Migrate to a fixed release. | Migrate to a fixed release.      |
    | 18.3                 | 18.3.6                      | Migrate to a fixed release.      |
    | 18.4                 | Not affected.               | 18.4.5                           |
    | 19.2                 | Not affected.               | 19.2.3                           |
    | 19.3                 | Not affected.               | Migrate to a fixed release.      |
    | 20.1                 | Not affected.               | 20.1.12                          |
    +----------------------+-----------------------------+----------------------------------+

    SD-WAN vManage Software

    +----------------------+-----------------------------+----------------------------------+
    | Cisco SD-WAN vManage | First Fixed                 | First Fixed Release for All      |
    | Software Release     | Release for This            | Vulnerabilities Described in the |
    |                      | Vulnerability               | Collection of Advisories         |
    +----------------------+-----------------------------+----------------------------------+
    | Earlier than 18.3    | Migrate to a fixed release. | Migrate to a fixed release.      |
    | 18.3                 | Migrate to a fixed release. | Migrate to a fixed release.      |
    | 18.4                 | 18.4.5                      | Migrate to a fixed release.      |
    | 19.2                 | 19.2.2                      | 19.2.3                           |
    | 19.3                 | Not affected.               | Migrate to a fixed release.      |
    | 20.1                 | Not affected.               | Migrate to a fixed release.      |
    +----------------------+-----------------------------+----------------------------------+

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o This vulnerability was found during internal security testing.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdscred-HfWWfqBj

Revision History

  o +----------+---------------------------+----------+--------+--------------+
    | Version  |        Description        | Section  | Status |     Date     |
    +----------+---------------------------+----------+--------+--------------+
    | 1.0      | Initial public release.   | -        | Final  | 2020-JUL-15  |
    +----------+---------------------------+----------+--------+--------------+

- --------------------------------------------------------------------------------

Cisco SD-WAN vEdge Routers Denial of Service Vulnerability

Priority:        High

Advisory ID:     cisco-sa-fpdos-hORBfd9f

First Published: 2020 July 15 16:00 GMT

Version 1.0:     Final

Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvs72669 

CVE-2020-3369    

CWE-118

CVSS Score:
8.6  AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:X/RL:X/RC:X

Summary

  o A vulnerability in the deep packet inspection (DPI) engine of Cisco SD-WAN
    vEdge Routers could allow an unauthenticated, remote attacker to cause a
    denial of service (DoS) condition on an affected device.

    The vulnerability is due to improper processing of FTP traffic. An attacker
    could exploit this vulnerability by sending crafted FTP packets through an
    affected device. A successful exploit could allow the attacker to make the
    device reboot continuously, causing a DoS condition.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fpdos-hORBfd9f

Affected Products

  o Vulnerable Products

    This vulnerability affects the following software releases for Cisco SD-WAN
    vEdge 5000 Series Routers and Cisco SD-WAN vEdge Cloud Router if they have
    the DPI feature enabled:

       19.2.0
       19.2.097
       19.2.098
       19.2.1

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect releases 18.4
    or earlier of Cisco SD-WAN vEdge 5000 Series Routers or Cisco SD-WAN vEdge
    Cloud Router.

    Cisco has also confirmed that this vulnerability does not affect the
    following Cisco products:

       IOS XE SD-WAN Software
       SD-WAN cEdge Routers
       SD-WAN vBond Orchestrator Software
       SD-WAN vEdge 100 Series Routers
       SD-WAN vEdge 1000 Series Routers
       SD-WAN vEdge 2000 Series Routers
       SD-WAN vManage Software
       SD-WAN vSmart Controller Software

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o Cisco has released free software updates that address the vulnerability
    described in this advisory. Customers may only install and expect support
    for software versions and feature sets for which they have purchased a
    license. By installing, downloading, accessing, or otherwise using such
    software upgrades, customers agree to follow the terms of the Cisco
    software license:
    https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

    Additionally, customers may only download software for which they have a
    valid license, procured from Cisco directly, or through a Cisco authorized
    reseller or partner. In most cases this will be a maintenance upgrade to
    software that was previously purchased. Free security software updates do
    not entitle customers to a new software license, additional software
    feature sets, or major revision upgrades.

    When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories page, to determine exposure and a complete
    upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service
    contract and customers who make purchases through third-party vendors but
    are unsuccessful in obtaining fixed software through their point of sale
    should obtain upgrades by contacting the Cisco TAC:
    https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared
    to provide the URL of this advisory as evidence of entitlement to a free
    upgrade.

    Fixed Releases

    Customers are advised to upgrade to an appropriate fixed software release
    as indicated in the following table(s). To ensure a complete upgrade
    solution, consider that this advisory is part of a collection that includes
    the following advisories:

       cisco-sa-sdw-dos-KWOdyHnB : Cisco SD-WAN Solution Software Denial of
        Service Vulnerability
       cisco-sa-sdscred-HfWWfqBj : Cisco SD-WAN Solution Software Static
        Credentials Vulnerability
       cisco-sa-vedgfpdos-PkqQrnwV : Cisco SD-WAN vEdge Routers Denial of
        Service Vulnerability
       cisco-sa-fpdos-hORBfd9f : Cisco SD-WAN vEdge Routers Denial of Service
        Vulnerability
       cisco-sa-clibypvman-sKcLf2L : Cisco SD-WAN vManage Software Command
        Injection Vulnerability
       cisco-sa-vmdirtrav-eFdAxsJg : Cisco SD-WAN vManage Software Directory
        Traversal Vulnerability
       cisco-sa-vmanrce-4jtWT28P : Cisco SD-WAN vManage Software Remote Code
        Execution Vulnerability

    +----------------------+-----------------------------+----------------------------------+
    | Cisco SD-WAN vEdge   | First Fixed                 | First Fixed Release for All      |
    | Software Release     | Release for This            | Vulnerabilities Described in the |
    |                      | Vulnerability               | Collection of Advisories         |
    +----------------------+-----------------------------+----------------------------------+
    | Earlier than 18.3    | Migrate to a fixed release. | Migrate to a fixed release.      |
    | 18.3                 | Not affected.               | Not affected.                    |
    | 18.4                 | Not affected.               | 18.4.5                           |
    | 19.2                 | 19.2.2                      | 19.2.3                           |
    | 19.3                 | Migrate to a fixed release. | Migrate to a fixed release.      |
    | 20.1                 | 20.1.1                      | 20.1.12                          |
    +----------------------+-----------------------------+----------------------------------+
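    The fixed-release tables in this bulletin (the two tables in
    cisco-sa-sdscred-HfWWfqBj for vBond/vEdge/vSmart and for vManage, and the
    vEdge table above for cisco-sa-fpdos-hORBfd9f) are easy to misread for a
    build such as 19.2.097, which the advisory lists as vulnerable even though
    a naive numeric comparison would place it above the 19.2.2 fix. The
    following Python is an added example, not Cisco's or AusCERT's code: it
    transcribes those three tables as data and, for a running release string,
    reports exposure to the single advisory and the first fixed release for the
    whole collection. Two things are assumptions rather than statements from
    the advisories: the release-ordering rule (a zero-padded component such as
    097 sorts after .0 and before .1, which is the order in which the advisory
    lists 19.2.0, 19.2.097, 19.2.098 and 19.2.1), and the decision to report
    "unknown" for a release train the tables do not mention instead of
    guessing.

```python
import re
from typing import Dict, List, NamedTuple, Tuple

# Cell values used in the bulletin's tables for rows that carry no release number.
MIGRATE = "Migrate to a fixed release."
NOT_AFFECTED = "Not affected."
OLDEST_LISTED_TRAIN = "18.3"   # every table opens with an "Earlier than 18.3" row

# (advisory ID, product family) -> release train -> (first fixed release for
# this advisory, first fixed release for the whole collection of advisories).
# Transcribed from the tables printed in this bulletin.
TABLES: Dict[Tuple[str, str], Dict[str, Tuple[str, str]]] = {
    ("cisco-sa-sdscred-HfWWfqBj", "vbond/vedge/vsmart"): {
        "18.3": ("18.3.6", MIGRATE),
        "18.4": (NOT_AFFECTED, "18.4.5"),
        "19.2": (NOT_AFFECTED, "19.2.3"),
        "19.3": (NOT_AFFECTED, MIGRATE),
        "20.1": (NOT_AFFECTED, "20.1.12"),
    },
    ("cisco-sa-sdscred-HfWWfqBj", "vmanage"): {
        "18.3": (MIGRATE, MIGRATE),
        "18.4": ("18.4.5", MIGRATE),
        "19.2": ("19.2.2", "19.2.3"),
        "19.3": (NOT_AFFECTED, MIGRATE),
        "20.1": (NOT_AFFECTED, MIGRATE),
    },
    ("cisco-sa-fpdos-hORBfd9f", "vedge"): {
        "18.3": (NOT_AFFECTED, NOT_AFFECTED),
        "18.4": (NOT_AFFECTED, "18.4.5"),
        "19.2": ("19.2.2", "19.2.3"),
        "19.3": (MIGRATE, MIGRATE),
        "20.1": ("20.1.1", "20.1.12"),
    },
}


class Exposure(NamedTuple):
    status: str   # "not affected" | "fixed" | "affected" | "unknown"
    action: str   # the table's instruction, or the release to move to


def parse_release(release: str) -> Tuple[int, ...]:
    """'19.2.097' -> (19, 2, 0, 97); '19.2.1' -> (19, 2, 1).

    Assumption: a zero-padded component such as 097 is a build that sorts after
    19.2.0 and before 19.2.1 (the order the advisory lists them), so it is
    expanded to (0, 97). Everything else compares as dotted integers."""
    parts: List[int] = []
    for p in re.findall(r"\d+", release):
        if len(p) > 1 and p[0] == "0":
            parts.extend((0, int(p)))
        else:
            parts.append(int(p))
    if len(parts) < 2:
        raise ValueError(f"not a release string: {release!r}")
    return tuple(parts)


def train_of(release: str) -> str:
    """The two-component train the tables are keyed on: '19.2.097' -> '19.2'."""
    major, minor = parse_release(release)[:2]
    return f"{major}.{minor}"


def _classify(cell: str, running: str) -> Exposure:
    if cell == NOT_AFFECTED:
        return Exposure("not affected", "none")
    if cell == MIGRATE:
        return Exposure("affected", MIGRATE)
    if parse_release(running) >= parse_release(cell):
        return Exposure("fixed", f"already at or above {cell}")
    return Exposure("affected", f"upgrade to {cell}")


def check(advisory: str, family: str, running: str) -> Tuple[Exposure, Exposure]:
    """Exposure of `running` to `advisory` alone, and to the whole collection."""
    table = TABLES[(advisory, family)]
    train = train_of(running)
    if parse_release(train) < parse_release(OLDEST_LISTED_TRAIN):
        row = (MIGRATE, MIGRATE)                     # the "Earlier than 18.3" row
    elif train in table:
        row = table[train]
    else:
        # A train the advisory does not list (e.g. 20.3): do not guess, escalate.
        unknown = Exposure("unknown", "train not in the advisory table; check the bug ID")
        return unknown, unknown
    return _classify(row[0], running), _classify(row[1], running)


if __name__ == "__main__":
    for adv, fam, rel in [("cisco-sa-fpdos-hORBfd9f", "vedge", "19.2.097"),
                          ("cisco-sa-sdscred-HfWWfqBj", "vmanage", "18.4.3")]:
        this, collection = check(adv, fam, rel)
        print(f"{adv} {fam} {rel}: {this.status} ({this.action}); "
              f"collection: {collection.status} ({collection.action})")
```

    The two columns are deliberately kept separate: a vManage on 18.4.5 is
    fixed for the static-credential issue but the table still says "Migrate to
    a fixed release." for the collection as a whole, and that second answer is
    the one that should drive the upgrade plan.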

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o Cisco would like to thank Gil Fidel of Accenture Security for reporting
    this vulnerability.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fpdos-hORBfd9f

Revision History

  o +----------+---------------------------+----------+--------+--------------+
    | Version  |        Description        | Section  | Status |     Date     |
    +----------+---------------------------+----------+--------+--------------+
    | 1.0      | Initial public release.   | -        | Final  | 2020-JUL-15  |
    +----------+---------------------------+----------+--------+--------------+

- --------------------------------------------------------------------------------

Cisco SD-WAN vEdge Routers Denial of Service Vulnerability

Priority:        High

Advisory ID:     cisco-sa-vedgfpdos-PkqQrnwV

First Published: 2020 July 15 16:00 GMT

Version 1.0:     Final

Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvs72674 

CVE-2020-3385    

CWE-371

CVSS Score:
7.4  AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:X/RL:X/RC:X

Summary

  o A vulnerability in the deep packet inspection (DPI) engine of Cisco SD-WAN
    vEdge Routers could allow an unauthenticated, adjacent attacker to cause a
    denial of service (DoS) condition on an affected system.

    The vulnerability is due to insufficient handling of malformed packets. An
    attacker could exploit this vulnerability by sending crafted packets
    through an affected device. A successful exploit could allow the attacker
    to cause the device to reboot, resulting in a DoS condition.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vedgfpdos-PkqQrnwV

Affected Products

  o Vulnerable Products

    This vulnerability affects the following Cisco products if they are running
    a vulnerable software release:

       SD-WAN vEdge 5000 Series Routers
       SD-WAN vEdge Cloud Routers

    For information about which Cisco software releases are vulnerable, see the
    Fixed Software section of this advisory.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect the following
    Cisco products:

       IOS XE SD-WAN Software
       SD-WAN vBond Orchestrator Software
       SD-WAN vEdge 100 Series Routers
       SD-WAN vEdge 1000 Series Routers
       SD-WAN vEdge 2000 Series Routers
       SD-WAN vManage Software
       SD-WAN vSmart Controller Software

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o Cisco has released free software updates that address the vulnerability
    described in this advisory. Customers may only install and expect support
    for software versions and feature sets for which they have purchased a
    license. By installing, downloading, accessing, or otherwise using such
    software upgrades, customers agree to follow the terms of the Cisco
    software license:
    https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

    Additionally, customers may only download software for which they have a
    valid license, procured from Cisco directly, or through a Cisco authorized
    reseller or partner. In most cases this will be a maintenance upgrade to
    software that was previously purchased. Free security software updates do
    not entitle customers to a new software license, additional software
    feature sets, or major revision upgrades.

    When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories page, to determine exposure and a complete
    upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service
    contract and customers who make purchases through third-party vendors but
    are unsuccessful in obtaining fixed software through their point of sale
    should obtain upgrades by contacting the Cisco TAC:
    https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared
    to provide the URL of this advisory as evidence of entitlement to a free
    upgrade.

    Fixed Releases

    Customers are advised to upgrade to an appropriate fixed software release
    as indicated in the following table(s). To ensure a complete upgrade
    solution, consider that this advisory is part of a collection that includes
    the following advisories:

       cisco-sa-sdw-dos-KWOdyHnB : Cisco SD-WAN Solution Software Denial of
        Service Vulnerability
       cisco-sa-sdscred-HfWWfqBj : Cisco SD-WAN Solution Software Static
        Credentials Vulnerability
       cisco-sa-vedgfpdos-PkqQrnwV : Cisco SD-WAN vEdge Routers Denial of
        Service Vulnerability
       cisco-sa-fpdos-hORBfd9f : Cisco SD-WAN vEdge Routers Denial of Service
        Vulnerability
       cisco-sa-clibypvman-sKcLf2L : Cisco SD-WAN vManage Software Command
        Injection Vulnerability
       cisco-sa-vmdirtrav-eFdAxsJg : Cisco SD-WAN vManage Software Directory
        Traversal Vulnerability
       cisco-sa-vmanrce-4jtWT28P : Cisco SD-WAN vManage Software Remote Code
        Execution Vulnerability

    +--------------+---------------------+------------------------------+
    | Cisco SD-WAN | First Fixed Release | First Fixed Release for All  |
    | vEdge Router | for This            | Vulnerabilities Described in |
    | Release      | Vulnerability       | the Collection of Advisories |
    +--------------+---------------------+------------------------------+
    | Earlier than | Migrate to a fixed  | Migrate to a fixed release.  |
    | 18.3         | release.            |                              |
    +--------------+---------------------+------------------------------+
    | 18.3         | Migrate to a fixed  | Migrate to a fixed release.  |
    |              | release.            |                              |
    +--------------+---------------------+------------------------------+
    | 18.4         | 18.4.5              | 18.4.5                       |
    +--------------+---------------------+------------------------------+
    | 19.2         | 19.2.3              | 19.2.3                       |
    +--------------+---------------------+------------------------------+
    | 19.3         | Migrate to a fixed  | Migrate to a fixed release.  |
    |              | release.            |                              |
    +--------------+---------------------+------------------------------+
    | 20.1         | 20.1.1              | 20.1.12                      |
    +--------------+---------------------+------------------------------+

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o Cisco would like to thank Gil Fidel of Accenture Security for reporting
    this vulnerability.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-vedgfpdos-PkqQrnwV

Revision History

  o +----------+---------------------------+----------+--------+--------------+
    | Version  |        Description        | Section  | Status |     Date     |
    +----------+---------------------------+----------+--------+--------------+
    | 1.0      | Initial public release.   | -        | Final  | 2020-JUL-15  |
    +----------+---------------------------+----------+--------+--------------+

- --------------------------------------------------------------------------------

Cisco SD-WAN vManage Software Command Injection Vulnerability

Priority:        High

Advisory ID:     cisco-sa-clibypvman-sKcLf2L

First Published: 2020 July 15 16:00 GMT

Version 1.0:     Final

Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvs11282 

CVE-2020-3388    

CWE-287

CVSS Score:
7.8  AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X

Summary

  o A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an
    authenticated, local attacker to inject arbitrary commands that are
    executed with root privileges.

    The vulnerability is due to insufficient input validation. An attacker
    could exploit this vulnerability by authenticating to the device and
    submitting crafted input to the CLI. The attacker must be authenticated to
    access the CLI. A successful exploit could allow the attacker to execute
    commands with root privileges.
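The two patterns behind this class of bug, shown as an added example that is not Cisco's code and says nothing about how the vManage CLI is built: a helper that splices user input into a shell command string, beside the hardened form that allow-lists the value and hands it to the program as a single argv element with no shell in between. The `ping` diagnostic, the `_TARGET_RE` pattern and the function names are hypothetical.

```python
# Added example, not Cisco code: a CLI helper that passes user input to an
# operating-system command, in the vulnerable and the hardened form.
import re
import subprocess
from typing import List

# Hypothetical allow-list for a diagnostic target: a hostname or IPv4 literal.
# Anything outside this character set (space, ';', '$', '`', '|', '/', ...) is
# refused before it gets anywhere near a command line.
_TARGET_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.\-]{0,252}")


def unsafe_command_line(target: str) -> str:
    """Vulnerable pattern: the value is spliced into a shell command string.

    Only the string a shell would receive is returned; nothing is executed.
    A value such as "host; id" becomes two commands once a shell parses it,
    and if the helper runs as root (as the advisory describes) so does the
    second one.
    """
    return f"ping -c 1 {target}"


def build_argv(target: str) -> List[str]:
    """Hardened pattern, step 1: validate against the allow-list, then place
    the value in its own argv element so no shell ever parses it."""
    if not _TARGET_RE.fullmatch(target):
        raise ValueError(f"rejected diagnostic target: {target!r}")
    return ["ping", "-c", "1", target]


def run_diagnostic(target: str) -> subprocess.CompletedProcess:
    """Hardened pattern, step 2: execute with shell=False (the default), so
    the argv boundary from build_argv() is exactly what the kernel sees."""
    return subprocess.run(build_argv(target), capture_output=True, text=True,
                          check=False)


if __name__ == "__main__":
    for candidate in ("vmanage.example.net", "10.0.0.1", "10.0.0.1; id"):
        print(f"{candidate!r:22} shell string: {unsafe_command_line(candidate)!r}")
        try:
            print(f"{'':22} argv:         {build_argv(candidate)}")
        except ValueError as exc:
            print(f"{'':22} rejected:     {exc}")
```

The allow-list is the first line of defence and the argv list the second; neither depends on escaping, which is where string-building helpers usually go wrong.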

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-clibypvman-sKcLf2L

Affected Products

  o Vulnerable Products

    This vulnerability affects Cisco SD-WAN vManage Software releases.

    For information about which Cisco software releases are vulnerable, see the
    Fixed Software section of this advisory.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect the following
    Cisco products:

       IOS XE SD-WAN Software
       SD-WAN cEdge Routers
       SD-WAN vBond Orchestrator Software
       SD-WAN vEdge Routers
       SD-WAN vSmart Controller Software

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o Cisco has released free software updates that address the vulnerability
    described in this advisory. Customers may only install and expect support
    for software versions and feature sets for which they have purchased a
    license. By installing, downloading, accessing, or otherwise using such
    software upgrades, customers agree to follow the terms of the Cisco
    software license:
    https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

    Additionally, customers may only download software for which they have a
    valid license, procured from Cisco directly, or through a Cisco authorized
    reseller or partner. In most cases this will be a maintenance upgrade to
    software that was previously purchased. Free security software updates do
    not entitle customers to a new software license, additional software
    feature sets, or major revision upgrades.

    When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories page, to determine exposure and a complete
    upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service
    contract and customers who make purchases through third-party vendors but
    are unsuccessful in obtaining fixed software through their point of sale
    should obtain upgrades by contacting the Cisco TAC:
    https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared
    to provide the URL of this advisory as evidence of entitlement to a free
    upgrade.

    Fixed Releases

    Customers are advised to upgrade to an appropriate fixed software release
    as indicated in the following table(s). To ensure a complete upgrade
    solution, consider that this advisory is part of a collection that includes
    the following advisories:

       cisco-sa-sdw-dos-KWOdyHnB : Cisco SD-WAN Solution Software Denial of
        Service Vulnerability
       cisco-sa-sdscred-HfWWfqBj : Cisco SD-WAN Solution Software Static
        Credentials Vulnerability
       cisco-sa-vedgfpdos-PkqQrnwV : Cisco SD-WAN vEdge Routers Denial of
        Service Vulnerability
       cisco-sa-fpdos-hORBfd9f : Cisco SD-WAN vEdge Routers Denial of Service
        Vulnerability
       cisco-sa-clibypvman-sKcLf2L : Cisco SD-WAN vManage Software Command
        Injection Vulnerability
       cisco-sa-vmdirtrav-eFdAxsJg : Cisco SD-WAN vManage Software Directory
        Traversal Vulnerability
       cisco-sa-vmanrce-4jtWT28P : Cisco SD-WAN vManage Software Remote Code
        Execution Vulnerability

    +------------------+---------------------+------------------------------+
    | Cisco SD-WAN     | First Fixed Release | First Fixed Release for All  |
    | vManage Software | for This            | Vulnerabilities Described in |
    | Release          | Vulnerability       | the Collection of Advisories |
    +------------------+---------------------+------------------------------+
    | Earlier than     | Migrate to a fixed  | Migrate to a fixed release.  |
    | 18.3             | release.            |                              |
    +------------------+---------------------+------------------------------+
    | 18.3             | Migrate to a fixed  | Migrate to a fixed release.  |
    |                  | release.            |                              |
    +------------------+---------------------+------------------------------+
    | 18.4             | 18.4.5              | Migrate to a fixed release.  |
    +------------------+---------------------+------------------------------+
    | 19.2             | 19.2.2              | 19.2.3                       |
    +------------------+---------------------+------------------------------+
    | 19.3             | Migrate to a fixed  | Migrate to a fixed release.  |
    |                  | release.            |                              |
    +------------------+---------------------+------------------------------+
    | 20.1             | 20.1.1              | Migrate to a fixed release.  |
    +------------------+---------------------+------------------------------+

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o Cisco would like to thank Orange CERT/CC for reporting this vulnerability.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-clibypvman-sKcLf2L

Revision History

  o +----------+---------------------------+----------+--------+--------------+
    | Version  |        Description        | Section  | Status |     Date     |
    +----------+---------------------------+----------+--------+--------------+
    | 1.0      | Initial public release.   | -        | Final  | 2020-JUL-15  |
    +----------+---------------------------+----------+--------+--------------+

- --------------------------------------------------------------------------------

Cisco SD-WAN vManage Software Cross-Site Scripting Vulnerability

Priority:        Medium

Advisory ID:     cisco-sa-vmanxss-z7bhvHpy

First Published: 2020 July 15 16:00 GMT

Version 1.0:     Final

Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvt71038 

CVE-2020-3406    

CWE-79

CVSS Score:
6.4  AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:X/RL:X/RC:X

Summary

  o A vulnerability in the web-based management interface of the Cisco SD-WAN
    vManage Software could allow an authenticated, remote attacker to conduct a
    cross-site scripting (XSS) attack against a user of the interface.

    The vulnerability exists because the web-based management interface does
    not properly validate user-supplied input. An attacker could exploit this
    vulnerability by persuading a user to click a crafted link. A successful
    exploit could allow the attacker to execute arbitrary script code in the
    context of the interface or access sensitive, browser-based information.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-vmanxss-z7bhvHpy

Affected Products

  o Vulnerable Products

    At the time of publication, this vulnerability affected Cisco SD-WAN
    vManage Software releases 19.2.2 and earlier.

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories page, to determine exposure and a complete
    upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Fixed Releases

    At the time of publication, Cisco SD-WAN vManage Software Release 19.2.3
    contained the fix for this vulnerability.

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o Cisco would like to thank Johnny Yu of Walmart Security for reporting this
    vulnerability.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-vmanxss-z7bhvHpy

Revision History

  o +----------+---------------------------+----------+--------+--------------+
    | Version  |        Description        | Section  | Status |     Date     |
    +----------+---------------------------+----------+--------+--------------+
    | 1.0      | Initial public release.   | -        | Final  | 2020-JUL-15  |
    +----------+---------------------------+----------+--------+--------------+

- --------------------------------------------------------------------------------

Cisco SD-WAN vManage Software Denial of Service Vulnerability

Priority:        Medium

Advisory ID:     cisco-sa-emvman-3y6LuTcZ

First Published: 2020 July 15 16:00 GMT

Version 1.0:     Final

Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvo08423 CSCvs21703 CSCvt69529 

CVE-2020-3372    

CWE-400

Summary

  o A vulnerability in the web-based management interface of Cisco SD-WAN
    vManage Software could allow an authenticated, remote attacker to consume
    excessive system memory and cause a denial of service (DoS) condition on an
    affected system.

    The vulnerability is due to inefficient memory management. An attacker
    could exploit this vulnerability by sending a large number of crafted HTTP
    requests to the affected web-based management interface. A successful
    exploit could allow the attacker to exhaust system memory, which could
    cause the system to stop processing new connections and could result in a
    DoS condition.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-emvman-3y6LuTcZ

Affected Products

  o Vulnerable Products

    At the time of publication, this vulnerability affected Cisco vManage
    Software releases earlier than Release 19.2.3 and Release 20.1.12.

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories page, to determine exposure and a complete
    upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Fixed Releases

    At the time of publication, Cisco vManage Software releases 19.2.3 and
    later and releases 20.1.12 and later contained the fix for this
    vulnerability.

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o This vulnerability was found during the resolution of a Cisco TAC support
    case.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-emvman-3y6LuTcZ

Revision History

  o +----------+---------------------------+----------+--------+--------------+
    | Version  |        Description        | Section  | Status |     Date     |
    +----------+---------------------------+----------+--------+--------------+
    | 1.0      | Initial public release.   | -        | Final  | 2020-JUL-15  |
    +----------+---------------------------+----------+--------+--------------+

- --------------------------------------------------------------------------------

Cisco SD-WAN vManage Software Directory Traversal Vulnerability

Priority:        High

Advisory ID:     cisco-sa-vmdirtrav-eFdAxsJg

First Published: 2020 July 15 16:00 GMT

Version 1.0:     Final

Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvt72764 

CVE-2020-3381    

CWE-22

CVSS Score:
8.8  AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X

Summary

  o A vulnerability in the web management interface of Cisco SD-WAN vManage
    Software could allow an authenticated, remote attacker to conduct directory
    traversal attacks and obtain read and write access to sensitive files on a
    targeted system.

    The vulnerability is due to a lack of proper validation of files that are
    uploaded to an affected device. An attacker could exploit this
    vulnerability by uploading a crafted file to an affected system. An exploit
    could allow the attacker to view or modify arbitrary files on the targeted
    system.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-vmdirtrav-eFdAxsJg

Affected Products

  o Vulnerable Products

    This vulnerability affects Cisco SD-WAN vManage Software releases.

    For information about which Cisco software releases are vulnerable, see the
    Fixed Software section of this advisory.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect the following
    Cisco products:

       IOS XE SD-WAN Software
       SD-WAN cEdge Routers
       SD-WAN vBond Orchestrator Software
       SD-WAN vEdge Routers
       SD-WAN vSmart Controller Software

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o Cisco has released free software updates that address the vulnerability
    described in this advisory. Customers may only install and expect support
    for software versions and feature sets for which they have purchased a
    license. By installing, downloading, accessing, or otherwise using such
    software upgrades, customers agree to follow the terms of the Cisco
    software license:
    https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

    Additionally, customers may only download software for which they have a
    valid license, procured from Cisco directly, or through a Cisco authorized
    reseller or partner. In most cases this will be a maintenance upgrade to
    software that was previously purchased. Free security software updates do
    not entitle customers to a new software license, additional software
    feature sets, or major revision upgrades.

    When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories page, to determine exposure and a complete
    upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service
    contract and customers who make purchases through third-party vendors but
    are unsuccessful in obtaining fixed software through their point of sale
    should obtain upgrades by contacting the Cisco TAC:
    https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared
    to provide the URL of this advisory as evidence of entitlement to a free
    upgrade.

    Fixed Releases

    Customers are advised to upgrade to an appropriate fixed software release
    as indicated in the following table(s). To ensure a complete upgrade
    solution, consider that this advisory is part of a collection that includes
    the following advisories:

       cisco-sa-sdw-dos-KWOdyHnB : Cisco SD-WAN Solution Software Denial of
        Service Vulnerability
       cisco-sa-sdscred-HfWWfqBj : Cisco SD-WAN Solution Software Static
        Credentials Vulnerability
       cisco-sa-vedgfpdos-PkqQrnwV : Cisco SD-WAN vEdge Routers Denial of
        Service Vulnerability
       cisco-sa-fpdos-hORBfd9f : Cisco SD-WAN vEdge Routers Denial of Service
        Vulnerability
       cisco-sa-clibypvman-sKcLf2L : Cisco SD-WAN vManage Software Command
        Injection Vulnerability
       cisco-sa-vmdirtrav-eFdAxsJg : Cisco SD-WAN vManage Software Directory
        Traversal Vulnerability
       cisco-sa-vmanrce-4jtWT28P : Cisco SD-WAN vManage Software Remote Code
        Execution Vulnerability

    +------------------+---------------------+------------------------------+
    | Cisco SD-WAN     | First Fixed Release | First Fixed Release for All  |
    | vManage Software | for This            | Vulnerabilities Described in |
    | Release          | Vulnerability       | the Collection of Advisories |
    +------------------+---------------------+------------------------------+
    | Earlier than     | Migrate to a fixed  | Migrate to a fixed release.  |
    | 18.3             | release.            |                              |
    +------------------+---------------------+------------------------------+
    | 18.3             | Migrate to a fixed  | Migrate to a fixed release.  |
    |                  | release.            |                              |
    +------------------+---------------------+------------------------------+
    | 18.4             | Migrate to a fixed  | Migrate to a fixed release.  |
    |                  | release.            |                              |
    +------------------+---------------------+------------------------------+
    | 19.2             | 19.2.3              | 19.2.3                       |
    +------------------+---------------------+------------------------------+
    | 19.3             | Migrate to a fixed  | Migrate to a fixed release.  |
    |                  | release.            |                              |
    +------------------+---------------------+------------------------------+
    | 20.1             | Migrate to a fixed  | Migrate to a fixed release.  |
    |                  | release.            |                              |
    +------------------+---------------------+------------------------------+
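A release-exposure check built from the three fixed-release tables in this bulletin (the vEdge table under cisco-sa-vedgfpdos-PkqQrnwV and the two vManage tables under cisco-sa-clibypvman-sKcLf2L and cisco-sa-vmdirtrav-eFdAxsJg), added here as an example and not Cisco's code. Versions are compared numerically per component, which is the detail that matters when reading these tables: a plain string comparison ranks 20.1.9 above 20.1.12. The table data is transcribed from this page; trains the tables mark "Migrate to a fixed release." (earlier than 18.3, 18.3 and 19.3, plus 18.4 and 20.1 where a table says so) are reported as such. The function names and the sample releases in the demo are hypothetical, and the tables remain subject to the bug IDs as the advisories note.

```python
# Added example, not Cisco code: check a running release against the
# fixed-release tables published in this bulletin.
from typing import Dict, Tuple

MIGRATE = "Migrate to a fixed release."

# (product, advisory) -> {release train: (first fixed for this advisory,
# first fixed for every advisory in the collection)}. Transcribed from the
# tables in this bulletin; trains absent from a dict are the ones the table
# marks "Migrate to a fixed release." in both columns.
FIXED_RELEASES: Dict[Tuple[str, str], Dict[str, Tuple[str, str]]] = {
    ("vEdge", "cisco-sa-vedgfpdos-PkqQrnwV"): {
        "18.4": ("18.4.5", "18.4.5"),
        "19.2": ("19.2.3", "19.2.3"),
        "20.1": ("20.1.1", "20.1.12"),
    },
    ("vManage", "cisco-sa-clibypvman-sKcLf2L"): {
        "18.4": ("18.4.5", MIGRATE),
        "19.2": ("19.2.2", "19.2.3"),
        "20.1": ("20.1.1", MIGRATE),
    },
    ("vManage", "cisco-sa-vmdirtrav-eFdAxsJg"): {
        "19.2": ("19.2.3", "19.2.3"),
    },
}


def parse_version(release: str) -> Tuple[int, ...]:
    """Dotted numeric release to a tuple, so 20.1.12 sorts after 20.1.9."""
    parts = release.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable release: {release!r}")
    return tuple(int(p) for p in parts)


def train_of(release: str) -> str:
    """The tables are keyed by the first two components (e.g. '19.2')."""
    return ".".join(release.split(".")[:2])


def assess(product: str, advisory: str, running: str) -> Dict[str, str]:
    """For one advisory, say whether ``running`` carries the fix for that
    advisory and for the whole collection, or what it must move to."""
    table = FIXED_RELEASES[(product, advisory)]
    entry = table.get(train_of(running))
    if entry is None:
        return {"this_advisory": MIGRATE, "collection": MIGRATE}
    have = parse_version(running)
    for_this, for_all = entry
    verdict = {
        "this_advisory": "fixed" if have >= parse_version(for_this)
        else f"upgrade to {for_this}"
    }
    if for_all == MIGRATE:
        verdict["collection"] = MIGRATE
    else:
        verdict["collection"] = ("fixed" if have >= parse_version(for_all)
                                 else f"upgrade to {for_all}")
    return verdict


def assess_all(product: str, running: str) -> Dict[str, Dict[str, str]]:
    """Run every table for the product; one verdict per advisory."""
    return {adv: assess(prod, adv, running)
            for (prod, adv) in FIXED_RELEASES if prod == product}


if __name__ == "__main__":
    # Hypothetical running releases, chosen to exercise each table row type.
    for product, release in (("vEdge", "20.1.9"), ("vManage", "19.2.2"),
                             ("vManage", "18.3.1")):
        for adv, verdict in assess_all(product, release).items():
            print(f"{product} {release} {adv}: {verdict}")
```

The "collection" verdict is the one to act on: a release can carry the fix for one advisory and still be short of the release that closes the rest of the set, as the 19.2.2 row of the command injection table shows.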

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o Cisco would like to thank Johnny Yu of Walmart Security for reporting this
    vulnerability.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-vmdirtrav-eFdAxsJg

Revision History

  o +----------+---------------------------+----------+--------+--------------+
    | Version  |        Description        | Section  | Status |     Date     |
    +----------+---------------------------+----------+--------+--------------+
    | 1.0      | Initial public release.   | -        | Final  | 2020-JUL-15  |
    +----------+---------------------------+----------+--------+--------------+

- --------------------------------------------------------------------------------

Cisco SD-WAN vManage Software Information Disclosure Vulnerability

Priority:        Medium

Advisory ID:     cisco-sa-vmanwebid-5QWMcCvt

First Published: 2020 July 15 16:00 GMT

Version 1.0:     Final

Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvt65026 

CVE-2020-3437    

CWE-59

CVSS Score:
6.5  AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:X/RL:X/RC:X

Summary

  o A vulnerability in the web-based management interface of Cisco SD-WAN
    vManage Software could allow an authenticated, remote attacker to read
    arbitrary files on the underlying filesystem of the device.

    The vulnerability is due to insufficient file scope limiting. An attacker
    could exploit this vulnerability by creating a specific file reference on
    the filesystem and then accessing it through the web-based management
    interface. A successful exploit could allow the attacker to read arbitrary
    files from the filesystem of the underlying operating system.
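One containment check that addresses both the upload case described under cisco-sa-vmdirtrav-eFdAxsJg above (a crafted file path, CWE-22) and the file-reference case in this advisory (a link inside the served directory that points outside it, CWE-59), as an added example that is not Cisco's code and does not describe how vManage handles files. The `resolve_within` and `safe_upload_name` names, the allow-list pattern and the demo directory layout are constructed for illustration.

```python
# Added example, not Cisco code: one containment check that covers both the
# upload-path case (CWE-22) and the file-reference case (CWE-59). Names and
# the demo directory layout are constructed for illustration.
import os
import re
import tempfile
from typing import Dict


class PathRejected(ValueError):
    """Raised when a request would leave the directory the handler serves."""


# Constructed allow-list for an uploaded file's name: no separators, no
# leading dot, bounded length. '..' fails on the leading-dot rule.
_UPLOAD_NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,127}")


def safe_upload_name(filename: str) -> str:
    """Accept only a bare file name; '..', '/', '\\' and hidden files fail."""
    if not _UPLOAD_NAME_RE.fullmatch(filename):
        raise PathRejected(f"rejected upload name: {filename!r}")
    return filename


def resolve_within(base: str, requested: str) -> str:
    """Return the real path of ``requested`` under ``base`` or raise.

    Two checks, because each catches what the other cannot:
    1. a lexical check on the normalized path stops '..' traversal before
       the filesystem is touched;
    2. a check on the fully resolved path stops a symlink inside ``base``
       from pointing outside it, which a lexical check can never see.
    commonpath() is used rather than startswith(), so '/srv/uploads2' is
    not mistaken for a child of '/srv/uploads'.
    """
    if os.path.isabs(requested) or "\0" in requested:
        raise PathRejected(f"absolute path or NUL byte: {requested!r}")
    base_real = os.path.realpath(base)
    lexical = os.path.normpath(os.path.join(base_real, requested))
    if os.path.commonpath([base_real, lexical]) != base_real:
        raise PathRejected(f"traversal outside base: {requested!r}")
    real = os.path.realpath(lexical)
    if os.path.commonpath([base_real, real]) != base_real:
        raise PathRejected(f"symlink escapes base: {requested!r}")
    return real


def demo() -> Dict[str, str]:
    """Constructed scenario: an upload directory holding one ordinary file
    and one symlink that points at a file outside it. Returns the verdict
    per request so the behaviour can be checked without a web server."""
    with tempfile.TemporaryDirectory() as tmp:
        base = os.path.join(tmp, "uploads")
        os.mkdir(base)
        secret = os.path.join(tmp, "secret.txt")
        with open(secret, "w") as fh:
            fh.write("constructed: not for the web tier\n")
        with open(os.path.join(base, "report.txt"), "w") as fh:
            fh.write("constructed: ordinary upload\n")
        os.symlink(secret, os.path.join(base, "link.txt"))
        requests = {
            "normal": "report.txt",
            "traversal": "../secret.txt",
            "nested_traversal": "sub/../../secret.txt",
            "symlink": "link.txt",
            "absolute": secret,
        }
        verdicts = {}
        for label, req in requests.items():
            try:
                resolve_within(base, req)
                verdicts[label] = "accepted"
            except PathRejected:
                verdicts[label] = "rejected"
        return verdicts


if __name__ == "__main__":
    for label, verdict in demo().items():
        print(f"{label:17} {verdict}")
```

The second check is the one a traversal filter alone misses: a name with no `..` in it at all can still resolve to a file the handler was never meant to serve once a link is followed.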

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-vmanwebid-5QWMcCvt

Affected Products

  o Vulnerable Products

    At the time of publication, this vulnerability affected Cisco SD-WAN
    vManage Software releases earlier than Release 19.2.3.

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories page, to determine exposure and a complete
    upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Fixed Releases

    At the time of publication, Cisco SD-WAN vManage Software releases 19.2.3
    and later contained the fix for this vulnerability.

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o Cisco would like to thank Johnny Yu of Walmart Security for reporting this
    vulnerability.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-vmanwebid-5QWMcCvt

Revision History

  o +----------+---------------------------+----------+--------+--------------+
    | Version  |        Description        | Section  | Status |     Date     |
    +----------+---------------------------+----------+--------+--------------+
    | 1.0      | Initial public release.   | -        | Final  | 2020-JUL-15  |
    +----------+---------------------------+----------+--------+--------------+

- --------------------------------------------------------------------------------

Cisco SD-WAN vManage Software Path Traversal Vulnerability

Priority:        Medium

Advisory ID:     cisco-sa-vmandowndir-CVGvdKM3

First Published: 2020 July 15 16:00 GMT

Version 1.0:     Final

Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvt74757 

CVE-2020-3401    

CWE-22

CVSS Score:
6.5  AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:X/RL:X/RC:X

Summary

  o A vulnerability in the web-based management interface of Cisco SD-WAN
    vManage Software could allow an authenticated, remote attacker to conduct
    path traversal attacks and obtain read access to sensitive files on an
    affected system.

    The vulnerability is due to insufficient validation of HTTP requests. An
    attacker could exploit this vulnerability by sending a crafted HTTP request
    that contains directory traversal character sequences to the affected
    system. A successful exploit could allow the attacker to view arbitrary
    files on the affected system.
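What "directory traversal character sequences" look like in a web server's access log, and how to pick them out reliably, as an added detection example that is not Cisco's code: the request path is percent-decoded until it stops changing (so double encoding cannot hide `..`), backslashes are folded, and only a whole `..` segment counts, so a file name that merely contains two dots is not flagged. The log lines and the `/mgmt/...` paths are constructed and are not vManage endpoints.

```python
# Added example, not Cisco code: a detector for directory-traversal sequences
# in web-server access logs, applied to constructed sample lines. The URL
# paths below are made up and are not vManage endpoints.
import re
from typing import Dict, List
from urllib.parse import unquote

# Constructed sample log lines (common log format).
SAMPLE_LOG = """\
10.0.0.5 - admin [15/Jul/2020:16:01:02 +0000] "GET /mgmt/api/status HTTP/1.1" 200 512
10.0.0.9 - admin [15/Jul/2020:16:01:07 +0000] "GET /mgmt/files/../../../../etc/passwd HTTP/1.1" 200 1834
10.0.0.9 - admin [15/Jul/2020:16:01:09 +0000] "GET /mgmt/files/..%2F..%2Fetc%2Fshadow HTTP/1.1" 403 0
10.0.0.9 - admin [15/Jul/2020:16:01:11 +0000] "GET /mgmt/files/%252e%252e/%252e%252e/etc/hosts HTTP/1.1" 404 0
10.0.0.7 - ops [15/Jul/2020:16:02:00 +0000] "GET /mgmt/files/report..2020.txt?dl=1 HTTP/1.1" 200 77
"""

_LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def normalize_path(target: str, max_rounds: int = 3) -> str:
    """Strip the query string, percent-decode until the path stops changing
    (bounded, so double and triple encoding cannot hide '..'), and fold
    backslashes to '/' so a Windows-style sequence is seen too."""
    path = target.split("?", 1)[0]
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")


def has_traversal(path: str) -> bool:
    """True only when a whole segment is '..'; 'report..2020.txt' is not."""
    return any(segment == ".." for segment in path.split("/"))


def find_traversal(log_text: str) -> List[Dict[str, object]]:
    """Return one finding per request whose decoded path climbs out of its
    directory, keeping the raw and decoded forms for the analyst."""
    findings = []
    for line in log_text.splitlines():
        match = _LOG_RE.match(line)
        if not match:
            continue
        decoded = normalize_path(match["target"])
        if has_traversal(decoded):
            findings.append({
                "ip": match["ip"],
                "user": match["user"],
                "status": int(match["status"]),
                "raw": match["target"],
                "decoded": decoded,
            })
    return findings


def succeeded(findings: List[Dict[str, object]]) -> List[Dict[str, object]]:
    """The subset to escalate first: traversal requests the server answered
    with 200, i.e. the file was served rather than refused."""
    return [f for f in findings if f["status"] == 200]


if __name__ == "__main__":
    hits = find_traversal(SAMPLE_LOG)
    for hit in hits:
        print(f'{hit["ip"]} {hit["user"]} {hit["status"]} {hit["decoded"]}')
    print(f"{len(succeeded(hits))} of {len(hits)} traversal requests were served")
```

Splitting the findings by status is deliberate: a 403 or 404 on a traversal request records an attempt, while a 200 records a file that left the system and belongs in the incident timeline.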

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-vmandowndir-CVGvdKM3

Affected Products

  o Vulnerable Products

    At the time of publication, this vulnerability affected Cisco SD-WAN
    vManage Software releases 19.2.2 and earlier.

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories page, to determine exposure and a complete
    upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Fixed Releases

    At the time of publication, Cisco SD-WAN vManage Software Release 19.2.3
    contained the fix for this vulnerability.

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o Cisco would like to thank Johnny Yu of Walmart Security for reporting this
    vulnerability.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmandowndir-CVGvdKM3

Revision History

  o +----------+---------------------------+----------+--------+--------------+
    | Version  |        Description        | Section  | Status |     Date     |
    +----------+---------------------------+----------+--------+--------------+
    | 1.0      | Initial public release.   | -        | Final  | 2020-JUL-15  |
    +----------+---------------------------+----------+--------+--------------+

- --------------------------------------------------------------------------------

Cisco SD-WAN vManage Software Remote Code Execution Vulnerability

Priority:        High

Advisory ID:     cisco-sa-vmanrce-4jtWT28P

First Published: 2020 July 15 16:00 GMT

Version 1.0:     Final

Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvt70892 

CVE-2020-3387    

CWE-20

CVSS Score:
7.5  AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X

Summary

  o A vulnerability in Cisco SD-WAN vManage Software could allow an
    authenticated, remote attacker to execute code with root privileges on an
    affected system.

    The vulnerability is due to insufficient input sanitization during user
    authentication processing. An attacker could exploit this vulnerability by
    sending a crafted response to the Cisco SD-WAN vManage Software. A
    successful exploit could allow the attacker to access the software and
    execute commands they should not be authorized to execute.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanrce-4jtWT28P

Affected Products

  o Vulnerable Products

    This vulnerability affects Cisco SD-WAN vManage Software releases if the
    Single Sign-On feature is enabled.

    For information about which Cisco software releases are vulnerable, see the
    Fixed Software section of this advisory.

    To determine whether the Single Sign-On feature is enabled, choose the
    following path within the Cisco vManage settings: Administration > Settings
    > Identity Provider Settings.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect the following
    Cisco products:

       IOS XE SD-WAN Software
       SD-WAN cEdge Routers
       SD-WAN vBond Orchestrator Software
       SD-WAN vEdge Routers
       SD-WAN vSmart Controller Software

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o Cisco has released free software updates that address the vulnerability
    described in this advisory. Customers may only install and expect support
    for software versions and feature sets for which they have purchased a
    license. By installing, downloading, accessing, or otherwise using such
    software upgrades, customers agree to follow the terms of the Cisco
    software license: https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

    Additionally, customers may only download software for which they have a
    valid license, procured from Cisco directly, or through a Cisco authorized
    reseller or partner. In most cases this will be a maintenance upgrade to
    software that was previously purchased. Free security software updates do
    not entitle customers to a new software license, additional software
    feature sets, or major revision upgrades.

    When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories page, to determine exposure and a complete
    upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service
    contract and customers who make purchases through third-party vendors but
    are unsuccessful in obtaining fixed software through their point of sale
    should obtain upgrades by contacting the Cisco TAC:
    https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared
    to provide the URL of this advisory as evidence of entitlement to a free
    upgrade.

    Fixed Releases

    Customers are advised to upgrade to an appropriate fixed software release
    as indicated in the following table(s). To ensure a complete upgrade
    solution, consider that this advisory is part of a collection that includes
    the following advisories:

       cisco-sa-sdw-dos-KWOdyHnB : Cisco SD-WAN Solution Software Denial of
        Service Vulnerability
       cisco-sa-sdscred-HfWWfqBj : Cisco SD-WAN Solution Software Static
        Credentials Vulnerability
       cisco-sa-vedgfpdos-PkqQrnwV : Cisco SD-WAN vEdge Routers Denial of
        Service Vulnerability
       cisco-sa-fpdos-hORBfd9f : Cisco SD-WAN vEdge Routers Denial of Service
        Vulnerability
       cisco-sa-clibypvman-sKcLf2L : Cisco SD-WAN vManage Software Command
        Injection Vulnerability
       cisco-sa-vmdirtrav-eFdAxsJg : Cisco SD-WAN vManage Software Directory
        Traversal Vulnerability
       cisco-sa-vmanrce-4jtWT28P : Cisco SD-WAN vManage Software Remote Code
        Execution Vulnerability

    +------------------+---------------------+-------------------------------+
    | Cisco SD-WAN     | First Fixed Release | First Fixed Release for All   |
    | vManage Software | for This            | Vulnerabilities Described in  |
    | Release          | Vulnerability       | the Collection of Advisories  |
    +------------------+---------------------+-------------------------------+
    | Earlier than     | Migrate to a fixed  | Migrate to a fixed release.   |
    | 18.3             | release.            |                               |
    +------------------+---------------------+-------------------------------+
    | 18.3             | Migrate to a fixed  | Migrate to a fixed release.   |
    |                  | release.            |                               |
    +------------------+---------------------+-------------------------------+
    | 18.4             | Migrate to a fixed  | Migrate to a fixed release.   |
    |                  | release.            |                               |
    +------------------+---------------------+-------------------------------+
    | 19.2             | 19.2.3              | 19.2.3                        |
    +------------------+---------------------+-------------------------------+
    | 19.3             | Migrate to a fixed  | Migrate to a fixed release.   |
    |                  | release.            |                               |
    +------------------+---------------------+-------------------------------+
    | 20.1             | 20.1.1.1            | Migrate to a fixed release.   |
    +------------------+---------------------+-------------------------------+
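    One way to turn the fixed-release table above into a check that can be run
    over an inventory of vManage release strings, as an added Python example.
    It is not Cisco tooling: FIXED_BY_TRAIN is transcribed from the table and
    everything else is assumption. It does not know whether Single Sign-On is
    enabled, which is the condition the Vulnerable Products section adds, so
    an "upgrade" result still has to be read together with that setting. The
    point worth noting is the numeric comparison: a string comparison would
    rank "19.2.10" below "19.2.3".

```python
from typing import Dict, Optional, Tuple

# Transcribed from the advisory table: (fix for this vulnerability, fix for
# the whole collection). None means the train has no fixed release and the
# advisory says to migrate to a fixed release.
FIXED_BY_TRAIN: Dict[Tuple[int, int], Tuple[Optional[str], Optional[str]]] = {
    (18, 3): (None, None),
    (18, 4): (None, None),
    (19, 2): ("19.2.3", "19.2.3"),
    (19, 3): (None, None),
    (20, 1): ("20.1.1.1", None),
}
OLDEST_LISTED_TRAIN = (18, 3)   # "Earlier than 18.3" row
MIGRATE = "migrate to a fixed release"
NOT_LISTED = "train not listed in the table"


def parse_version(text: str) -> Tuple[int, ...]:
    """'19.2.3' -> (19, 2, 3). Tuples of ints compare numerically, so
    19.2.10 sorts after 19.2.3. Raises ValueError on non-numeric parts."""
    return tuple(int(part) for part in text.strip().split("."))


def is_at_least(installed: str, fixed: str) -> bool:
    """Numeric comparison with zero padding so 19.2.3 == 19.2.3.0."""
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) >= b + (0,) * (width - len(b))


def exposure(installed: str) -> Tuple[str, str]:
    """Return (status for CVE-2020-3387, status for the whole collection).
    Each status is 'fixed', 'upgrade to <release>', MIGRATE or NOT_LISTED."""
    train = parse_version(installed)[:2]
    if train < OLDEST_LISTED_TRAIN:
        return (MIGRATE, MIGRATE)
    if train not in FIXED_BY_TRAIN:
        return (NOT_LISTED, NOT_LISTED)
    statuses = []
    for fixed in FIXED_BY_TRAIN[train]:
        if fixed is None:
            statuses.append(MIGRATE)
        elif is_at_least(installed, fixed):
            statuses.append("fixed")
        else:
            statuses.append(f"upgrade to {fixed}")
    return (statuses[0], statuses[1])


# Constructed inventory, not real hosts.
INVENTORY = {
    "vmanage-a": "19.2.2",
    "vmanage-b": "19.2.3",
    "vmanage-c": "20.1.1",
    "vmanage-d": "18.4.1",
}

if __name__ == "__main__":
    for host, version in INVENTORY.items():
        this_vuln, collection = exposure(version)
        print(f"{host:10} {version:9} this: {this_vuln:22} collection: {collection}")
```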

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o Cisco would like to thank Johnny Yu of Walmart Security for reporting this
    vulnerability.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanrce-4jtWT28P

Revision History

  o +----------+---------------------------+----------+--------+--------------+
    | Version  |        Description        | Section  | Status |     Date     |
    +----------+---------------------------+----------+--------+--------------+
    | 1.0      | Initial public release.   | -        | Final  | 2020-JUL-15  |
    +----------+---------------------------+----------+--------+--------------+

- --------------------------------------------------------------------------------

Cisco SD-WAN vManage Software SQL Injection Vulnerability

Priority:        Medium

Advisory ID:     cisco-sa-vmanage-v78FubGV

First Published: 2020 July 15 16:00 GMT

Version 1.0:     Final

Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvs21296 

CVE-2020-3468    

CWE-89

CVSS Score:
5.4  AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:X/RL:X/RC:X

Summary

  o A vulnerability in the web-based management interface of Cisco SD-WAN
    vManage Software could allow an authenticated, remote attacker to conduct
    SQL injection attacks on an affected system.

    The vulnerability exists because the web-based management interface
    improperly validates values within SQL queries. An attacker could exploit
    this vulnerability by authenticating to the application and sending
    malicious SQL queries to an affected system. A successful exploit could
    allow the attacker to modify values on or return values from the underlying
    database or the operating system.
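    The difference between splicing user-supplied values into a statement and
    binding them as parameters, as an added Python/sqlite3 example. This is
    not Cisco's code and says nothing about vManage's actual schema or
    queries; the devices table, the rows and the payloads are constructed. It
    covers both outcomes the summary names: returning rows the user should not
    see, and modifying rows the user should not be able to touch.

```python
import sqlite3
from typing import List, Tuple


def make_db() -> sqlite3.Connection:
    """Constructed in-memory schema and rows; no relation to any real product."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE devices (id INTEGER PRIMARY KEY, hostname TEXT, "
        "site TEXT, owner TEXT)"
    )
    conn.executemany(
        "INSERT INTO devices (hostname, site, owner) VALUES (?, ?, ?)",
        [("edge-01", "sydney", "alice"),
         ("edge-02", "sydney", "bob"),
         ("edge-03", "melbourne", "carol")],
    )
    conn.commit()
    return conn


def vulnerable_lookup(conn: sqlite3.Connection, owner: str, site: str) -> List[Tuple]:
    """CWE-89 read path: the caller's values become part of the statement
    text, so a value containing SQL syntax changes the query, not the data."""
    sql = (f"SELECT hostname, site FROM devices "
           f"WHERE owner = '{owner}' AND site = '{site}'")
    return conn.execute(sql).fetchall()


def safe_lookup(conn: sqlite3.Connection, owner: str, site: str) -> List[Tuple]:
    """Parameterized read: the statement is fixed and the values are bound
    separately, so quotes and comment markers in a value stay inert."""
    sql = "SELECT hostname, site FROM devices WHERE owner = ? AND site = ?"
    return conn.execute(sql, (owner, site)).fetchall()


def vulnerable_move(conn: sqlite3.Connection, hostname: str, new_site: str) -> int:
    """Same flaw on a write path. Returns the number of rows changed; an
    injected tautology in the WHERE clause makes that every row."""
    cur = conn.execute(
        f"UPDATE devices SET site = '{new_site}' WHERE hostname = '{hostname}'"
    )
    conn.commit()
    return cur.rowcount


def safe_move(conn: sqlite3.Connection, hostname: str, new_site: str) -> int:
    cur = conn.execute(
        "UPDATE devices SET site = ? WHERE hostname = ?", (new_site, hostname)
    )
    conn.commit()
    return cur.rowcount


# Constructed payloads. The first closes the string literal, adds a
# tautology and comments out the remainder of the WHERE clause; the second
# does the same without needing a comment marker.
READ_PAYLOAD = "alice' OR '1'='1' --"
WRITE_PAYLOAD = "no-such-host' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable read :", vulnerable_lookup(db, READ_PAYLOAD, "sydney"))
    print("safe read       :", safe_lookup(db, READ_PAYLOAD, "sydney"))
    print("vulnerable write:", vulnerable_move(db, WRITE_PAYLOAD, "attacker"))
    print("safe write      :", safe_move(make_db(), WRITE_PAYLOAD, "attacker"))
```

    A legitimate call such as safe_lookup(db, "alice", "sydney") returns the
    single edge-01 row with either function; the two only diverge when the
    value carries SQL syntax, which is exactly the case input validation on
    the values has to defend against and parameter binding makes moot.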

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-v78FubGV

Affected Products

  o Vulnerable Products

    At the time of publication, this vulnerability affected Cisco SD-WAN
    vManage Software releases earlier than Release 19.2.2 and Release 20.1.1.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o When considering software upgrades , customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories page , to determine exposure and a complete
    upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Fixed Releases

    At the time of publication, Cisco SD-WAN vManage Software releases 19.2.2
    and 20.1.1 contained the fix for this vulnerability.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o This vulnerability was found during the resolution of a Cisco TAC support
    case.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-v78FubGV

Revision History

  o +----------+---------------------------+----------+--------+--------------+
    | Version  |        Description        | Section  | Status |     Date     |
    +----------+---------------------------+----------+--------+--------------+
    | 1.0      | Initial public release.   | -        | Final  | 2020-JUL-15  |
    +----------+---------------------------+----------+--------+--------------+

- --------------------------------------------------------------------------------

Cisco SD-WAN vManage Software XML External Entity Vulnerability

Priority:        Medium

Advisory ID:     cisco-sa-vmanxml-Aj4GFEKd

First Published: 2020 July 15 16:00 GMT

Version 1.0:     Final

Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvt72792 CSCvu35990 

CVE-2020-3405    

CWE-611

CVSS Score:
6.5  AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:X/RL:X/RC:X

Summary

  o A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow
    an authenticated, remote attacker to gain read and write access to
    information that is stored on an affected system.

    The vulnerability is due to improper handling of XML External Entity (XXE)
    entries when parsing certain XML files. An attacker could exploit this
    vulnerability by persuading a user to import a crafted XML file with
    malicious entries. A successful exploit could allow the attacker to read
    and write files within the affected application.
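    The XXE class described above, as an added Python example. It is not
    Cisco's code; the inventory XML, its element names and the two payloads
    are constructed. An import handler refuses any DOCTYPE, entity
    declaration or external entity reference before the document reaches
    ElementTree, which is the control that removes the file-read shown in
    the payload. The same rule blocks entity-expansion denial of service,
    since that also needs a DTD to declare its entities.

```python
import xml.etree.ElementTree as ET
from typing import List
from xml.parsers import expat


class UnsafeXMLError(ValueError):
    """Raised when an imported document declares a DTD or any entity."""


def _reject_doctype(doctype_name, system_id, public_id, has_internal_subset):
    raise UnsafeXMLError(f"DOCTYPE not allowed: {doctype_name!r}")


def _reject_entity(entity_name, is_parameter_entity, value, base,
                   system_id, public_id, notation_name):
    raise UnsafeXMLError(
        f"entity declaration not allowed: {entity_name!r} (SYSTEM={system_id!r})"
    )


def _reject_external_ref(context, base, system_id, public_id):
    raise UnsafeXMLError(f"external entity reference not allowed: {system_id!r}")


def safe_parse(xml_bytes: bytes) -> ET.Element:
    """Parse untrusted XML with DTDs, entity declarations and external
    entity references all refused. A rejecting expat pass runs first; the
    document only reaches ElementTree once it is known to be entity-free."""
    checker = expat.ParserCreate()
    checker.StartDoctypeDeclHandler = _reject_doctype
    checker.EntityDeclHandler = _reject_entity
    checker.ExternalEntityRefHandler = _reject_external_ref
    checker.Parse(xml_bytes, True)        # raises UnsafeXMLError on any DTD
    return ET.fromstring(xml_bytes)


def extract_names(xml_bytes: bytes) -> List[str]:
    """What an import routine actually wants from the file."""
    return [el.get("name", "") for el in safe_parse(xml_bytes).iter("device")]


def classify(xml_bytes: bytes) -> str:
    """'ok' for a parseable, entity-free document, otherwise 'rejected'."""
    try:
        safe_parse(xml_bytes)
        return "ok"
    except UnsafeXMLError:
        return "rejected"


# Constructed inputs, not from any real product or capture.
BENIGN_IMPORT = b"""<?xml version="1.0"?>
<inventory>
  <device name="edge-01"/>
  <device name="edge-02"/>
</inventory>"""

# Classic file-disclosure XXE: the parser would substitute the file's
# contents for &xxe; and the import result (or an error message) leaks it.
XXE_IMPORT = b"""<?xml version="1.0"?>
<!DOCTYPE inventory [
  <!ENTITY xxe SYSTEM "file:///etc/passwd">
]>
<inventory><device name="&xxe;"/></inventory>"""

# Entity-expansion denial of service; refused by the same DOCTYPE check.
BILLION_LAUGHS = b"""<?xml version="1.0"?>
<!DOCTYPE lolz [
  <!ENTITY lol "lol">
  <!ENTITY lol2 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
]>
<lolz>&lol2;</lolz>"""

if __name__ == "__main__":
    print("benign :", classify(BENIGN_IMPORT), extract_names(BENIGN_IMPORT))
    print("xxe    :", classify(XXE_IMPORT))
    print("laughs :", classify(BILLION_LAUGHS))
```

    Refusing the DTD outright is the simplest policy and fits an import
    format the application defines itself; if the format genuinely needs a
    DTD, the weaker fallback is to keep the entity and external-reference
    handlers raising while allowing the DOCTYPE line through.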

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanxml-Aj4GFEKd

Affected Products

  o Vulnerable Products

    At the time of publication, this vulnerability affected Cisco SD-WAN
    vManage Software releases 19.2.2 and earlier.

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o When considering software upgrades , customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories page , to determine exposure and a complete
    upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Fixed Releases

    At the time of publication, Cisco SD-WAN vManage Software Release 19.2.3
    contained the fix for this vulnerability.

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o Cisco would like to thank Johnny Yu of Walmart Security for reporting this
    vulnerability.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanxml-Aj4GFEKd

Revision History

  o +----------+---------------------------+----------+--------+--------------+
    | Version  |        Description        | Section  | Status |     Date     |
    +----------+---------------------------+----------+--------+--------------+
    | 1.0      | Initial public release.   | -        | Final  | 2020-JUL-15  |
    +----------+---------------------------+----------+--------+--------------+

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXw/NyuNLKJtyKPYoAQgacg//aNay4Zx+K2WXmH7jmRmogmv+xegynnW/
UmBJB3yv0aaOHU6cYBRAuQUH1v8wfLiNNQCsuilg/n/VkyssT0Gqcy/2ZQ11H3t0
kV0KT0tjaahcFswhG+uuShHs9NVny835tnvazlVOhcdvCRTWKzJFIvcLnJsQWY6W
6EnrxXh5/5rp3zq7lAqFDroidKXNNXSge4ab8jvJvWNdeV43K4oQmftJe4PdScmd
s6uWA/2eZR/Nar3cB1CFC2reRS9Z41M/AYsUKK1fkWKv2jTTo9o3or+wFZjV7DUw
o2dTSutEooyh97Y/8nKZ6dYPwLPJnrUEzrgMXuiPN8vwWVosJJz6fM3PFTSuNx7C
sCWx6RaDXjJHizAvpnBo5IZd0e2F8foMzR1WZgXZ2lngj5jD/z1TsEjbc/JqG8Qg
608XAAOQHnGcnvnn83pcEf+YK2+VjgN1TNMJUIKgI17wCo3YOh7jxFNqDroYQ0/k
bPxrN+6W9Z4/pSpuRj/7J5NSD71ze29772d6A/10gGDqm7WOv6rrS8qBKiIdDinj
Jv8MR306nnst86sxth+acaK3tvF8YwZqKv2vKozuS9TaOFXHCDyGbv4JiP0bhHdi
71NvNrJdVzuSnYYdaFzSYtHYPhv1Yp0S06+RM8XLiEMWwegBPzXNAK8Uvi7h/mTI
kjecInU7Bng=
=7RBo
-----END PGP SIGNATURE-----