Cisco SD-WAN vManage Flaw: Let Attackers Escalate Privileges

A critical severity vulnerability has been detected in the request authentication validation for the REST API of the Cisco SD-WAN vManage software. Cisco released a security warning alerting users to the CVE-2023-20214 critical vulnerability.

This could allow a remote, unauthenticated attacker to acquire read access or restricted write permissions to the configuration of an impacted Cisco SD-WAN vManage instance.

“This vulnerability is due to insufficient request validation when using the REST API feature. An attacker could exploit this vulnerability by sending a crafted API request to an affected vManage instance”, reads the Cisco advisory.

Software patches from Cisco have been made available to fix this issue. There are no workarounds for this weakness.

Details of the Critical-Severity Vulnerability

The Cisco SD-WAN vManage API is a REST API used to control, configure, and monitor Cisco devices in an overlay network. The vManage API has the following use cases:

Monitoring device status

Configuring a device, such as attaching a template to a device

Querying and aggregating device statistics

The flaw results from insufficient request validation in the REST API feature and can be exploited by sending a specifically constructed API request to a vulnerable vManage instance.

Attackers could retrieve confidential information from the compromised machine, change certain configurations, stop network activities, and more.

“A successful exploit could allow the attacker to retrieve information from and send information to the configuration of the affected Cisco vManage instance,” Cisco said.

“This vulnerability only affects the REST API and does not affect the web-based management interface or the CLI.”

Affected Products

This flaw affects vulnerable versions of Cisco SD-WAN vManage software.

Products Not Affected

According to Cisco, the following Cisco products are not affected by this vulnerability:

SD-WAN cEdge Routers

SD-WAN vBond Orchestrator Software

SD-WAN vEdge Cloud Routers

SD-WAN vEdge Routers

SD-WAN vSmart Controller Software
According to Cisco, there are no workarounds for this vulnerability, but there are techniques to dramatically decrease the attack surface.

Network administrators are encouraged to use access control lists (ACLs) that restrict access to vManage instances to specific IP addresses, keeping outside attackers out.

Using API keys to access APIs is another strong security step; Cisco generally recommends this, although it is not a strict necessity for vManage implementations.

Administrators are also advised to monitor the logs for any attempts to use the REST API, which may indicate that the vulnerability is being exploited.

Use the command “vmanage# show log /var/log/nms/vmanage-server.log” to inspect the contents of the vmanage-server.log file.
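As an added illustration of the ACL and log-monitoring advice above (example code written for this article, not Cisco's tooling): a small Python checker that reads log lines, keeps only REST API requests, and flags those coming from addresses outside an allow-list, rating write methods higher because the advisory describes limited write access to the configuration. The log line layout, the /dataservice/ path prefix and the allow-listed network are assumptions for the example, not taken from the article or from the real vmanage-server.log format.

```python
import re
from ipaddress import ip_address, ip_network

# Management hosts allowed to reach vManage, mirroring the ACL advice (constructed values).
ALLOWED_NETS = [ip_network("10.10.0.0/24")]
# REST API path prefix to watch for; assumed here, not stated in the article.
API_PREFIX = "/dataservice/"
WRITE_METHODS = {"POST", "PUT", "DELETE", "PATCH"}

# Assumed line shape "<timestamp> <level> <client-ip> <method> <path> <status>".
# This is a constructed layout for the example, not the real vmanage-server.log format.
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<level>\w+)\s+(?P<ip>[\d.]+)\s+"
    r"(?P<method>[A-Z]+)\s+(?P<path>\S+)\s+(?P<status>\d{3})$"
)

def parse_line(line):
    """Return the fields of one log line, or None if it does not match the layout."""
    match = LINE_RE.match(line.strip())
    return match.groupdict() if match else None

def is_allowed(ip):
    """True when the client address falls inside an allow-listed network."""
    addr = ip_address(ip)
    return any(addr in net for net in ALLOWED_NETS)

def flag_rest_api_access(lines):
    """One finding per REST API request from outside the allow-list; write methods rate
    higher because the advisory names limited write access to the configuration."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or not rec["path"].startswith(API_PREFIX):
            continue  # unparseable line, or not a REST API request
        if is_allowed(rec["ip"]):
            continue  # expected management traffic
        severity = "high" if rec["method"] in WRITE_METHODS else "medium"
        findings.append({"ts": rec["ts"], "ip": rec["ip"], "method": rec["method"],
                         "path": rec["path"], "status": rec["status"], "severity": severity})
    return findings

# Constructed sample lines so the script runs stand-alone.
SAMPLE_LOG = [
    "2023-07-12T10:00:01Z INFO 10.10.0.5 GET /dataservice/device 200",
    "2023-07-12T10:00:02Z INFO 203.0.113.7 GET /dataservice/system/device/vedges 200",
    "2023-07-12T10:00:03Z INFO 203.0.113.7 PUT /dataservice/template/device 200",
    "2023-07-12T10:00:04Z INFO 198.51.100.9 GET /login 302",
    "malformed line that should be skipped",
]
```

Calling flag_rest_api_access(SAMPLE_LOG) returns two findings for 203.0.113.7, the PUT request rated high; the allow-listed host, the non-API login request and the malformed line are skipped.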

Fixes Available

v20.6.3.3 – fixed in v20.6.3.4

v20.6.4 – fixed in v20.6.4.2

v20.6.5 – fixed in v20.6.5.5

v20.9 – fixed in v20.9.3.2

v20.10 – fixed in v20.10.1.2

v20.11 – fixed in v20.11.1.2
Cisco SD-WAN vManage Release – First Fixed Release

18.3 – Not affected.

18.4 – Not affected.

19.1 – Not affected.

19.2 – Not affected.

20.1 – Not affected.

20.3 – Not affected.

20.4 – Not affected.

20.5 – Not affected.

20.6.1 – Not affected.

20.6.2 – Not affected.

20.6.3 – Not affected.

20.8 – Migrate to a fixed release.

(The remaining rows of the table are truncated in the source.)

The post Cisco SD-WAN vManage Flaw: Let Attackers Escalate Privileges appeared first on Cyber Security News.
