Cisco SD-WAN vManage Mutiple High-Risk Vulnerability Alert
Cisco SD-WAN is the enterprise-wide area network solution proposed by Cisco. Cisco takes security capabilities as the core and integrates security capabilities into the entire SD-WAN solution through WAN device integration, providing comprehensive security protection against multiple threat scenarios. Cisco SD-WAN vManage provides an automated centralized management platform for Cisco SD-WAN.
On April 7, 2021, Cisco officially issued multiple vulnerability risk notices for SD-WAN vManage. The vulnerabilities of this notice are CVE-2021-1479, CVE-2021-1137, and CVE-2021-1480. It contains 1 serious vulnerability and 2 high-risk vulnerabilities. The CVSS score of this vulnerability is 9.8.
Vulnerability Detail
CVE-2021-1479: Cisco SD-WAN vManage Remote Management Buffer Overflow Vulnerability
A vulnerability in a remote management component of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to cause a buffer overflow condition.CVE-2021-1137: Cisco SD-WAN vManage Privilege Escalation Vulnerability
A vulnerability in the user management function of Cisco SD-WAN Software could allow an authenticated, local attacker to gain escalated privileges on the underlying operating system.
CVE-2021-1480: Cisco SD-WAN vManage Privilege Escalation Vulnerability
A vulnerability in system file transfer functions of Cisco SD-WAN Software could allow an authenticated, local attacker to gain escalated privileges on the underlying operating system.
Affected version
| Cisco SD-WAN vManage Release | First Fixed Release | First Fixed Release for all Vulnerabilities in this Advisory |
|---|---|---|
| 18.4 and earlier | Migrate to a fixed release. | Migrate to a fixed release. |
| 19.2 | 19.2.4 | 19.2.4 |
| 19.3 | Migrate to a fixed release. | Migrate to a fixed release. |
| 20.1 | Migrate to a fixed release. | Migrate to a fixed release. |
| 20.3 | 20.3.3 | 20.3.3 |
| 20.4 | 20.4.1 | 20.4.1 |
Solution
In this regard, we recommend that users upgrade Cisco SD-WAN vManage to the latest version in time.
