Cisco patched critical security bugs in vManage and HyperFlex HX, which could have enabled remote attackers to run commands as root or create unauthorized administrator accounts.
Attackers may remotely execute arbitrary code, escalate privileges, trigger denial of service conditions, and more on unpatched servers. The company has released a security update to fix high- and medium-severity vulnerabilities in several software products.
According to the Cisco Product Security Incident Response Team (PSIRT), the vulnerabilities are not being actively exploited in the wild.
This bug allows remote attackers to execute commands and run malicious code
The Cisco SD-WAN vManage Software vulnerabilities, patched today, enable unauthenticated remote attackers to execute arbitrary code or access confidential data. Authenticated local attackers may also use them to obtain elevated privileges or unauthorized access to a program that is vulnerable to attack.
The Cisco HyperFlex HX command injection flaws allow remote attackers with no privileges on the targeted servers to launch command injection attacks. In either case, the vulnerabilities do not need to be chained for effective exploitation, and the bugs do not depend on one another.
No need for authentication or user interaction in order to gain access to the system
Cisco rated the following three security issues as critical:
- CVE-2021-1468: Cisco SD-WAN vManage Cluster Mode Unauthorized Message Processing Vulnerability
- CVE-2021-1505: Cisco SD-WAN vManage Cluster Mode Privilege Escalation Vulnerability
- CVE-2021-1497: Cisco HyperFlex HX Installer Virtual Machine Command Injection Vulnerability
According to the company, customers can check whether the software is running in cluster mode by looking at the Administration > Cluster Management view in the Cisco SD-WAN vManage web-based management GUI.
Last month, Cisco patched another pre-authentication remote code execution (RCE) vulnerability in SD-WAN vManage that could enable threat actors to gain root privileges on the underlying operating system.