Cisco is warning that the vManage software that ships with its SD-WAN has an authentication vulnerability in its REST API.
The critical-rated vulnerability, CVE-2023-20214, has a CVSS score of 9.1, because it can give an unauthenticated remote attacker “read permissions or limited write permissions to the configuration of an affected Cisco SD-WAN vManage instance.”
Cisco’s advisory states that the REST API has “insufficient request validation”.
That lets an attacker send a crafted API request to the vManage instance, and could subsequently read and send information to the affected instance.
Cisco’s advisory includes instructions for customers to view attempts to access the API in its log file.
Customers would then have to assess whether any of those access attempts represented an attack or a legitimate request.
“The presence of requests in this log does not indicate unauthorised access; rather, it only indicates that attempts have been made to access the REST API”, the advisory states.
The company also recommends customers restrict access to the API to permitted IP addresses using an access control list.
Affected versions include SD-WAN vManage 20.6.3.3 (fixed version 20.6.3.4); 20.6.4 (fixed in 20.6.4.2); 20.6.5 (fixed in 20.6.5.5); 20.9 (fixed in 20.9.3.2); 20.10 (fixed in 20.10.1.2); and 20.11 (fixed in 20.11.1.2).
Customers with versions 20.7 or 20.8 will need to migrate to a fixed release.
