Cisco fixes critical flaws in SD-WAN vManage and HyperFlex HX software

Cisco fixed critical flaws in SD-WAN vManage and HyperFlex HX software that could allow creating admin accounts, and executing commands as root.

Cisco has addressed critical vulnerabilities affecting SD-WAN vManage and HyperFlex HX software that could allow creating admin accounts and executing commands as root.

Cisco SD-WAN vManage Software flaws (CVE-2021-1275, CVE-2021-1468, CVE-2021-1505, CVE-2021-1506, CVE-2021-1508) could be exploited by an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information. The flaws could also allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application.

“Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application.” reads the advisory published by Cisco.

Some of the above vulnerabilities only affect software operating in a cluster, in order to verify whether the software is operating in cluster mode, users should check the Cisco SD-WAN vManage web-based management interface Administration > Cluster Management view.

The IT giant also addressed critical Command Injection vulnerabilities, tracked as CVE-2021-1497 and CVE-2021-1498, in the web-based management interface of Cisco HyperFlex HX.

“Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device.” reads the company’s advisory.

Cisco’s Product Security Incident Response Team (PSIRT) said that it’s not aware of attacks in the wild exploiting the above vulnerabilities.

In April, Cisco has addressed multiple vulnerabilities in Cisco SD-WAN vManage Software that could be exploited by an unauthenticated, remote attacker to execute arbitrary code or by an authenticated, local attacker to gain escalated privileges on vulnerable systems.

The most severe vulnerability is a critical pre-authentication remote code execution (RCE) issue, tracked as CVE-2021-1479, that affects the remote management component of its SD-WAN vManage Software.

The CVE-2021-1479 flaw could be exploited by an unauthenticated, remote attacker to trigger a buffer overflow on vulnerable devices.

In January, Cisco released security updates to address multiple flaws in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks against vulnerable devices.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, SD-WAN)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.