Three vulnerabilities have been discovered in Cisco SD-WAN vManage, affecting unpatched Cisco devices running the vulnerable software. A vulnerability was also found in Cisco Small Business RV110W, RV130, RV130W, and RV215W routers. No exploitation in the wild is known thus far, but their criticality makes correcting them an urgent matter.
Cisco SD-WAN vManage vulnerabilities:
- CVE-2021-1479: This critical vulnerability enables an unauthenticated remote attacker to trigger a buffer overflow and, through it, execute code on the OS with root privileges.
- CVE-2021-1137 and CVE-2021-1480: These high-severity vulnerabilities allow authenticated attackers to escalate their privileges and, if successful, gain root privileges.
Cisco Small Business routers vulnerability:
- CVE-2021-1459: This vulnerability allows unauthenticated attackers to execute code remotely on targeted devices.
RECOMMENDED SOLUTION
For Cisco SD-WAN vManage:
- Customers running versions 19.2, 20.3 and 20.4 must patch the vulnerabilities by updating their software.
- Customers running versions 19.3, 20.3, or 18.4 and earlier are recommended to migrate to a fixed release.
For Cisco Small Business routers:
- Customers using RV110W, RV130, RV130W, and RV215W routers are recommended to migrate to RV132W, RV160, or RV160W routers.
For more information, refer to Cisco’s security advisories for solutions to defend your devices.
Sources: Bleeping Computer, Cisco, CVE Mitre