Cisco SD-WAN API vulnerability patched

Authentication failure.

Cisco is warning that the vManage software that ships with its SD-WAN has an authentication vulnerability in its REST API.

The critical-rated vulnerability, CVE-2023-20214, has a CVSS score of 9.1, because it can give an unauthenticated remote attacker “read permissions or limited write permissions to the configuration of an affected Cisco SD-WAN vManage instance.”

Cisco’s advisory states that the REST API has “insufficient request validation”.

That lets an unauthenticated attacker send a crafted API request to an affected vManage instance; a successful exploit could allow the attacker to retrieve information from, and send information to, the configuration of that instance.

Cisco’s advisory includes instructions for customers to review attempts to access the REST API in the vManage log file.

Customers would then have to assess whether any of those access attempts represented an attack or a legitimate request.

“The presence of requests in this log does not indicate unauthorised access; rather, it only indicates that attempts have been made to access the REST API”, the advisory states.

The company also recommends customers restrict access to the API to permitted IP addresses using an access control list.
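The two mitigations above, reviewing the log for REST API access attempts and restricting the API to permitted source addresses, combine naturally into a triage step. The following Python script is an added illustration of that step; it is not from the iTnews article or from Cisco. The log line format it parses is constructed for the example (timestamp, client IP, method, path, HTTP status) and would need to be adapted to the real vManage log format; the allow list and sample entries are likewise assumed. The only vManage-specific fact it relies on is that the REST API lives under the /dataservice/ path prefix.

```python
# Added example (not the article's or Cisco's code): triage REST API access
# attempts in a vManage-style log against a management IP allow list.
# The log line shape below is CONSTRUCTED for illustration; adapt parse_line()
# to the actual log format before using this on real data.
import ipaddress
import re
from dataclasses import dataclass

# Cisco documents the vManage REST API under the /dataservice/ path prefix.
API_PREFIX = "/dataservice/"

# Assumed line shape: "<timestamp> <client ip> <method> <path> <status>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<ip>\S+)\s+(?P<method>[A-Z]+)\s+(?P<path>\S+)\s+(?P<status>\d{3})$"
)


@dataclass
class ApiAttempt:
    ts: str
    ip: str
    method: str
    path: str
    status: int
    allowed_source: bool  # True when the client IP is in the allow list


def parse_line(line):
    """Return the fields of one log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def build_allow_list(cidrs):
    """Turn CIDR strings (the ACL's permitted sources) into network objects."""
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]


def is_permitted(ip, allow_list):
    """True if ip falls inside any permitted network; unparseable IPs fail closed."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in allow_list)


def triage(log_lines, allow_list_cidrs):
    """Collect every REST API request, tagging whether its source is permitted."""
    allow_list = build_allow_list(allow_list_cidrs)
    attempts = []
    for line in log_lines:
        rec = parse_line(line)
        if rec is None or not rec["path"].startswith(API_PREFIX):
            continue  # unparseable, or not a REST API request
        attempts.append(ApiAttempt(
            ts=rec["ts"], ip=rec["ip"], method=rec["method"], path=rec["path"],
            status=int(rec["status"]),
            allowed_source=is_permitted(rec["ip"], allow_list),
        ))
    return attempts


def needs_review(attempts):
    """API requests from outside the allow list: the ones an operator must assess."""
    return [a for a in attempts if not a.allowed_source]


# Constructed sample input (not real vManage log data).
SAMPLE_LOG = """\
2023-07-12T10:01:03Z 10.20.0.15 GET /dataservice/device 200
2023-07-12T10:01:09Z 10.20.0.15 GET /index.html 200
2023-07-12T10:02:41Z 198.51.100.77 GET /dataservice/device 200
2023-07-12T10:02:42Z 198.51.100.77 PUT /dataservice/template/device 403
garbage line that does not parse
""".splitlines()

# Assumed management subnet that the ACL would permit.
MGMT_ALLOW_LIST = ["10.20.0.0/24"]

if __name__ == "__main__":
    for a in needs_review(triage(SAMPLE_LOG, MGMT_ALLOW_LIST)):
        print(f"REVIEW {a.ts} {a.ip} {a.method} {a.path} -> {a.status}")
```

The script does not decide whether a request was an attack, in line with Cisco's caution that entries in the log only show that access was attempted. It narrows the review to API requests from sources the ACL would not permit; a request from an unknown address that returned a success status against a configuration path is the case worth examining first, since the flaw lets such a request succeed without credentials.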

Affected versions include SD-WAN vManage 20.6.3.3 (fixed version 20.6.3.4); 20.6.4 (fixed in 20.6.4.2); 20.6.5 (fixed in 20.6.5.5); 20.9 (fixed in 20.9.3.2); 20.10 (fixed in 20.10.1.2); and 20.11 (fixed in 20.11.1.2).

Customers with versions 20.7 or 20.8 will need to migrate to a fixed release.

Copyright © iTnews.com.au. All rights reserved.