WARNING: Critical access control vulnerability in Cisco SD-WAN vManage API
Cisco SD-WAN vManage API
Access control vulnerability
A critical access control vulnerability in the request authentication validation of the Cisco SD-WAN vManage API could allow an unauthenticated, remote attacker to gain read permissions or limited write permissions to the configuration of an affected Cisco SD-WAN vManage instance.
This could allow an attacker to modify the configuration of devices managed by the Cisco SD-WAN vManage instance. In addition, the attacker could gain valuable intelligence about the devices used in the environment, which could lead to follow-up attacks targeting vulnerable devices.
CVE-2023-20214 is an access control vulnerability (CWE-284) caused by insufficient request validation when using the REST API feature. An attacker could exploit this vulnerability by sending a crafted API request to a remotely accessible, affected vManage instance. A successful exploit could allow the attacker to retrieve information from and send information to the configuration of the affected Cisco vManage instance.
It is important to note that this vulnerability only affects the vManage API and not the web-based management interface or the CLI.
The Centre for Cyber Security Belgium strongly recommends that system administrators take the following actions:
Install the patches released by Cisco: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdv...
Cisco SD-WAN vManage:
- 188.8.131.52 => Update to v184.108.40.206
- 20.6.4 => Update to v220.127.116.11
- 20.6.5 => Update to v18.104.22.168
- V20.7 => Migrate to a fixed release
- V20.8 => Migrate to a fixed release
- 20.9 => Update to v22.214.171.124
- V20.10 => Update to v126.96.36.199
- V20.11 => Update to v188.8.131.52
There are no workarounds available, but Cisco recommends reducing the attack surface by enabling access control lists (ACLs) to limit access to the vManage instance.