Warning - Multiple vulnerabilities patched in Cisco Catalyst SD-WAN Manager

Reference: Advisory #2023-115
Version: 1.0
Affected software: Cisco Catalyst SD-WAN Manager v20.3 through v20.12
Type: Multiple vulnerability types
CVE/CVSS:

CVE-2023-20252
CVSS:9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVE-2023-20253
CVSS:8.4 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H)

CVE-2023-20034
CVSS:7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVE-2023-20254
CVSS:7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

CVE-2023-20262
CVSS:5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Risks

Cisco patched 5 vulnerabilities (1 critical, 3 high & 1 medium severity) in Cisco Catalyst SD-WAN Manager, formerly known as Cisco SD-WAN vManage. Successfully exploiting one or more of these vulnerabilities could allow an attacker to access a vulnerable Cisco Catalyst SD-WAN Manager instance and/or cause a denial of service (DoS) on an affected system.

CVE-2023-20252 has a CVSSv3 score of 9.8. It allows an unauthenticated remote attacker to gain unauthorized access to the application as an arbitrary user, with a high impact on the full CIA triad.

Description

  • CVE-2023-20252 is a critical vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN Manager, which could allow an unauthenticated, remote attacker to gain unauthorized access to the application as an arbitrary user.
  • CVE-2023-20253 is a high severity vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, which could allow an authenticated, local attacker with read-only privileges to bypass authorization and roll back controller configurations. The rolled-back configuration could then be deployed to the downstream routers.
  • CVE-2023-20034 is a high severity vulnerability in the access control implementation for Elasticsearch that is used in Cisco Catalyst SD-WAN Manager, allowing an unauthenticated, remote attacker to access the Elasticsearch database of an affected system with the privileges of the Elasticsearch user.
  • CVE-2023-20254 is a high severity vulnerability in the session management system of the Cisco Catalyst SD-WAN Manager multi-tenant feature, which could allow an authenticated, remote attacker to access another tenant that is being managed by the same Cisco Catalyst SD-WAN Manager instance. In order to exploit this vulnerability, the multi-tenant feature needs to be enabled.
  • CVE-2023-20262 exists in the SSH service of Cisco Catalyst SD-WAN Manager and allows an unauthenticated, remote attacker to cause a process crash, resulting in a DoS condition for SSH access. Only SSH access is impacted when this vulnerability is exploited: the system continues to function, and web UI access is not affected. CVE-2023-20262 has a CVSS score of 5.3, which makes it a medium severity vulnerability.

 

Recommended Actions

The Centre for Cyber Security Belgium strongly recommends that Windows system administrators take the following actions:

  • Update Cisco Catalyst SD-WAN Manager to the latest patched version.

Cisco did not provide any other workarounds to mitigate these vulnerabilities.

References

https://www.cisco.com/c/en/us/support/index.html