The Information Highway

The Information Highway
Font size: +
  Print
2 minutes reading time (399 words)

Cisco Catalyst SD-WAN Manager flaw allows remote server access

508 Hits

Cisco is warning of five new Catalyst SD-WAN Manager products vulnerabilities with the most critical allowing unauthenticated remote access to the server. 

Cisco Catalyst SD-WAN Manager for WAN is network management software allowing admins to visualize, deploy, and manage devices on wide area networks (WAN).

The most severe of the disclosed flaws impacting the product is CVE-2023-20252 (CVSS v3.1: 9.8), which allows unauthorized access due to issues with the Security Assertion Markup Language (SAML) APIs.

"A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain unauthorized access to the application as an arbitrary user," warns the security bulletin.

The flaw can be leveraged by sending specially crafted requests directly to the SAML APIs, which generate arbitrary authorization tokens that allow unconditional access to the application.

Exploitation of CVE-2023-20252 has the potential for user impersonation, unauthorized data access/modification/deletion, and service disruption.

The remaining four vulnerabilities are less severe:

  • CVE-2023-20253 (CVSS v3.1: 8.4): Unauthorized configuration rollback due to CLI vulnerabilities.
  • CVE-2023-20034 (CVSS v3.1: 7.5): Information disclosure vulnerability in Elasticsearch access control.
  • CVE-2023-20254 (CVSS v3.1: 7.2): Authorization bypass in the session management system. (requires multi-tenant feature enabled)
  • CVE-2023-20262 (CVSS v3.1: 5.3): DoS vulnerability in the SSH service. (affects SSH access only)

It is worth noting that CVE-2023-20034 is also remotely exploitable without requiring authentication. However, its severity is mitigated by the fact that access is limited to the Elasticsearch database with the privileges of the Elasticsearch user.

The five flaws impact various versions of Cisco Catalyst SD-WAN Manager, with more details on the impacted and target upgrade versions below: 

CVE-2023-20252, which is the most urgent to fix, impacts releases 20.9.3.2 and 20.11.1.2 but does not affect older releases in the 20.9 and 20.11 branches.

Catalyst SD-WAN Manager version 20.12, the latest available release, is not impacted by any flaws except for the medium severity one (fixed in 20.12.1), so that's the safest version to upgrade to if possible.

Cisco has shared no workarounds for the fixed flaws this time, so the only recommended action is upgrading to a patched release.

The vendor clarifies that IOS XE Software, SD-WAN cEdge Routers, and SD-WAN vEdge Routers are not vulnerable.

None of the flaws are reported as actively exploited, yet upgrading to the recommended versions should be treated with urgency. 

0
How do you feel about this post?
Happy (0)
Love (0)
Surprised (0)
Sad (0)
Angry (0)
Tags:
Catalyst SD-WAN Manager products vulnerabilities access Cisco Catalyst SD-WAN Manager network management software area networks
Bing Chat responses infiltrated by ads pushing mal...
Google fixes fifth actively exploited Chrome zero-...

About the author

Bill Toulas

Bill Toulas

Bill Toulas is a technology writer and infosec news reporter with over a decade of experience working on various online publications. An open source advocate and Linux enthusiast, is currently finding pleasure in following hacks, malware campaigns, and data breach incidents, as well as by exploring the intricate ways through which tech is swiftly transforming our lives.
Author's recent posts
More posts from author
 

Comments

No comments made yet. Be the first to submit a comment
Saturday, 18 May 2024

Captcha Image