vManage and HyperFlex HX applications allow remote attackers to run commands as root or create administrator accounts

May 6, 2021 08:03 GMT  ·  By

Cisco has patched critical security bugs in SD-WAN vManage and HyperFlex HX that could have enabled remote attackers to run commands as root or create unauthorized administrator accounts.

Attackers could remotely execute arbitrary code, escalate privileges, trigger denial-of-service conditions, and more on unpatched servers. The company also released security updates fixing high- and medium-severity vulnerabilities in several other products.

According to the Cisco Product Security Incident Response Team (PSIRT), the vulnerabilities are not being actively exploited in the wild.

These bugs allow remote attackers to execute commands and run malicious code

The Cisco SD-WAN vManage software vulnerabilities, patched today, enable unauthenticated remote attackers to execute arbitrary code or access confidential data. Authenticated local attackers may also use them to obtain elevated privileges or unauthorized access to the vulnerable application.

The Cisco HyperFlex HX command injection flaws allow unauthenticated remote attackers with no privileges on the targeted servers to inject and execute commands. In neither case is chaining required for successful exploitation: the bugs are not interdependent, and each can be exploited on its own.

No authentication or user interaction is needed to gain access to the system

Cisco rated the following three security issues as critical: 

  • CVE-2021-1468: Cisco SD-WAN vManage Cluster Mode Unauthorized Message Processing Vulnerability 
  • CVE-2021-1505: Cisco SD-WAN vManage Cluster Mode Privilege Escalation Vulnerability 
  • CVE-2021-1497: Cisco HyperFlex HX Installer Virtual Machine Command Injection Vulnerability 
According to Cisco, the critical SD-WAN vManage bugs affect only deployments running in cluster mode.

The company says customers can check whether their deployment is in cluster mode by looking at the Administration > Cluster Management view in the Cisco SD-WAN vManage web-based management GUI.

Last month, Cisco patched another pre-authentication remote code execution (RCE) vulnerability in SD-WAN vManage that could enable threat actors to gain root privileges on the underlying operating system.