Cisco fixes critical flaws in SD-WAN vManage and HyperFlex HX software

Cisco fixed critical flaws in SD-WAN vManage and HyperFlex HX software that could allow creating admin accounts, and executing commands as root.

Cisco has addressed critical vulnerabilities affecting SD-WAN vManage and HyperFlex HX software that could allow creating admin accounts and executing commands as root.

Cisco SD-WAN vManage Software flaws (CVE-2021-1275, CVE-2021-1468, CVE-2021-1505, CVE-2021-1506, CVE-2021-1508) could be exploited by an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information. The flaws could also allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application.

“Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application.” reads the advisory published by Cisco.

Some of the above vulnerabilities only affect software operating in a cluster, in order to verify whether the software is operating in cluster mode, users should check the Cisco SD-WAN vManage web-based management interface Administration > Cluster Management view.

The IT giant also addressed critical Command Injection vulnerabilities, tracked as CVE-2021-1497 and CVE-2021-1498, in the web-based management interface of Cisco HyperFlex HX.

“Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device.” reads the company’s advisory.

Cisco’s Product Security Incident Response Team (PSIRT) said that it’s not aware of attacks in the wild exploiting the above vulnerabilities.

In April, Cisco has addressed multiple vulnerabilities in Cisco SD-WAN vManage Software that could be exploited by an unauthenticated, remote attacker to execute arbitrary code or by an authenticated, local attacker to gain escalated privileges on vulnerable systems.

The most severe vulnerability is a critical pre-authentication remote code execution (RCE) issue, tracked as CVE-2021-1479, that affects the remote management component of its SD-WAN vManage Software.

The CVE-2021-1479 flaw could be exploited by an unauthenticated, remote attacker to trigger a buffer overflow on vulnerable devices. 

In January, Cisco released security updates to address multiple flaws in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks against vulnerable devices.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, SD-WAN)

[adrotate banner=”5″]

[adrotate banner=”13″]