Advisory

Cisco patches critical and high severity issues in Catalyst SD-WAN

Take action: Time for a planned update of the Cisco SD-WAN. The risk is debatable, since some systems may be isolated from external visibility, but do the work of a proper risk review for your company and plan for patches, because every system will eventually become visible to an attacker.


Learn More

Cisco has addressed multiple vulnerabilities in different versions of its Catalyst SD-WAN software. These vulnerabilities impact various aspects of the SD-WAN system, including SD-WAN APIs, the command line interface (CLI), and an Elasticsearch implementation.

  • CVE-2023-20252 (CVSS score 9.8), classified as an unauthorized access vulnerability in Catalyst SD-WAN’s security assertion markup language (SAML) APIs. The flaw stems from inadequate authentication checks for SAML APIs, potentially enabling an attacker to send requests directly to these APIs. If exploited, this flaw could provide the attacker access to the application as an arbitrary user. Unfortunately, there are no workarounds available, making it imperative for users to apply the provided patch.
  • CVE-2023-20253 (CVSS score 8.4) affects SD-WAN’s command line interface (CLI). Exploiting this vulnerability allows an attacker to bypass authentication and roll back a controller’s configuration, which can then be deployed to downstream routers.
  • CVE-2023-20034 (CVSS score 7.5) pertains to a vulnerability in the access control implementation for Elasticsearch used in Cisco Catalyst SD-WAN Manager. An unauthenticated remote attacker can access the Elasticsearch database of an affected system via a crafted HTTP request, potentially viewing its contents.
  • CVE-2023-20254 (CVSS score 7.2) involves a session management vulnerability that could allow an authenticated, remote attacker to access another tenant managed by the same Cisco Catalyst SD-WAN Manager instance. A successful exploit could permit the attacker to access information about another tenant, make configuration changes, or potentially take a tenant offline, causing a denial-of-service condition.
  • CVE-2023-20262 (CVSS score 5.3) allows an unauthenticated remote attacker to crash the SSH process, posing a risk to the system's stability and security.

These vulnerabilities impact various versions of the Catalyst SD-WAN software in the Version 20.n branch. Cisco has released patches for all affected products.
