Cisco fixes critical pre-auth bugs in SD-WAN, cloud license manager

Cisco has released security updates to address pre-auth remote code execution (RCE) vulnerabilities affecting multiple SD-WAN products and the Cisco Smart Software Manager software.

SD-WAN are software products that help manage wide-area networks (WAN) while Smart Software Manager is a cloud-based management solution for Cisco licenses.

Vulnerable to pre-auth RCE attacks

Unauthenticated attackers can remotely exploit buffer overflow and command injection bugs to execute arbitrary code or to run arbitrary commands on the underlying operating system of devices running vulnerable releases of SD-WAN and Cisco Smart Software Manager Satellite software.

Releases of Cisco SD-WAN Software vulnerable to pre-auth RCE attacks designed to exploit CVE-2021-1300 include:

  • IOS XE SD-WAN Software
  • SD-WAN vBond Orchestrator Software
  • SD-WAN vEdge Cloud Routers
  • SD-WAN vEdge Routers
  • SD-WAN vManage Software
  • SD-WAN vSmart Controller Software

Pre-auth RCE vulnerabilities affecting Cisco's cloud licensing manager are tracked as CVE-2021-1138, CVE-2021-1140, and CVE-2021-1142. They affect Cisco Smart Software Manager Satellite releases 5.1.0 and earlier.

Cisco has fixed them in versions 6.3.0 and later and has renamed Cisco Smart Software Manager Satellite to Cisco Smart Software Manager On-Prem.

"The vulnerabilities are not dependent on one another," Cisco explains. "Exploitation of one of the vulnerabilities is not required to exploit the other vulnerability."

"In addition, a software release that is affected by one of the vulnerabilities may not be affected by the other vulnerability," Cisco added.

No active exploitation

Luckily, "[t]he Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."

These vulnerabilities were found by Cisco security researchers during internal security testing of affected products.

Cisco today also addressed critical command injection vulnerabilities impacting SD-WAN products and the Command Runner tool of Cisco DNA Center.

In November, the company also patched multiple pre-authentication vulnerabilities with public exploits in the Cisco Security Manager exposing affected devices to remote code execution attacks.

Related Articles:

New Ivanti RCE flaw may impact 16,000 exposed VPN gateways

Hackers exploit critical RCE flaw in Bricks WordPress site builder

Over 1,400 CrushFTP servers vulnerable to actively exploited bug

Maximum severity Flowmon bug has a public exploit, patch now

Hackers hijack OpenMetadata apps in Kubernetes cryptomining attacks