-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0241
                   Cisco SD-WAN multiple vulnerabilities
                              21 January 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Cisco SD-WAN
Publisher:         Cisco Systems
Operating System:  Cisco
Impact/Access:     Root Compromise                 -- Remote/Unauthenticated
                   Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
                   Access Confidential Data        -- Existing Account      
                   Unauthorised Access             -- Existing Account      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-1301 CVE-2021-1300 CVE-2021-1299
                   CVE-2021-1298 CVE-2021-1279 CVE-2021-1278
                   CVE-2021-1274 CVE-2021-1273 CVE-2021-1263
                   CVE-2021-1262 CVE-2021-1261 CVE-2021-1260
                   CVE-2021-1241 CVE-2021-1233 

Original Bulletin: 
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-bufovulns-B5NrSHbj
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-cmdinjm-9QMSmgcn
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-dosmulti-48jJuEUP
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-infodis-2-UPO232DG

Comment: This bulletin contains four (4) Cisco Systems security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

Cisco SD-WAN Buffer Overflow Vulnerabilities

Priority:        Critical
Advisory ID:     cisco-sa-sdwan-bufovulns-B5NrSHbj
First Published: 2021 January 20 16:00 GMT
Version 1.0:     Final
Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvi69895 CSCvt11525
CVE Names:       CVE-2021-1300 CVE-2021-1301
CWEs:            CWE-119 CWE-20

CVSS Score:
9.8  AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X

Summary

  o Multiple vulnerabilities in Cisco SD-WAN products could allow an
    unauthenticated, remote attacker to execute attacks against an affected
    device.

    For more information about these vulnerabilities, see the Details section
    of this advisory.

    Cisco has released software updates that address these vulnerabilities.
    There are no workarounds that address these vulnerabilities.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-bufovulns-B5NrSHbj

Affected Products

  o Vulnerable Products

    These vulnerabilities affect the following Cisco products if they are
    running a vulnerable release of Cisco SD-WAN Software:

       IOS XE SD-WAN Software
       SD-WAN vBond Orchestrator Software
       SD-WAN vEdge Cloud Routers
       SD-WAN vEdge Routers
       SD-WAN vManage Software
       SD-WAN vSmart Controller Software

    For information about which Cisco software releases are vulnerable, see the
    Fixed Software section of this advisory.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by these vulnerabilities.

Details

  o The vulnerabilities are not dependent on one another. Exploitation of one
    of the vulnerabilities is not required to exploit the other vulnerability.
    In addition, a software release that is affected by one of the
    vulnerabilities may not be affected by the other vulnerability.

    Details about the vulnerabilities are as follows:

    CVE-2021-1300: Cisco SD-WAN Buffer Overflow Vulnerability

    A vulnerability in Cisco SD-WAN Software could allow an unauthenticated,
    remote attacker to cause a buffer overflow condition.

    The vulnerability is due to incorrect handling of IP traffic. An attacker
    could exploit this vulnerability by sending crafted IP traffic through an
    affected device, which may cause a buffer overflow when the traffic is
    processed. A successful exploit could allow the attacker to execute
    arbitrary code on the underlying operating system with root privileges.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    Bug ID(s): CSCvt11525
    CVE ID: CVE-2021-1300
    Security Impact Rating (SIR): High
    CVSS Base Score: 9.8
    CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

    CVE-2021-1301: Cisco SD-WAN Buffer Overflow Vulnerability

    A vulnerability in the NETCONF subsystem of Cisco SD-WAN Software could
    allow an authenticated, remote attacker to cause a denial of service (DoS)
    condition on an affected device or system.

    The vulnerability is due to insufficient input validation of user-supplied
    input that is read by the system during the establishment of an SSH
    connection. An attacker could exploit this vulnerability by submitting a
    crafted file to be read by the affected system. A successful exploit could
    allow the attacker to cause a buffer overflow that could result in a DoS
    condition on the affected device or system.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    Bug ID(s): CSCvi69895
    CVE ID: CVE-2021-1301
    Security Impact Rating (SIR): Medium
    CVSS Base Score: 6.5
    CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Workarounds

  o There are no workarounds that address these vulnerabilities.

Fixed Software

  o Cisco has released free software updates that address the vulnerabilities
    described in this advisory. Customers may only install and expect support
    for software versions and feature sets for which they have purchased a
    license. By installing, downloading, accessing, or otherwise using such
    software upgrades, customers agree to follow the terms of the Cisco
    software license:
    https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

    Additionally, customers may only download software for which they have a
    valid license, procured from Cisco directly, or through a Cisco authorized
    reseller or partner. In most cases this will be a maintenance upgrade to
    software that was previously purchased. Free security software updates do
    not entitle customers to a new software license, additional software
    feature sets, or major revision upgrades.

    When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories page, to determine exposure and a complete
    upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service
    contract and customers who make purchases through third-party vendors but
    are unsuccessful in obtaining fixed software through their point of sale
    should obtain upgrades by contacting the Cisco TAC:
    https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared
    to provide the URL of this advisory as evidence of entitlement to a free
    upgrade.

    Fixed Releases

    Customers are advised to upgrade to an appropriate fixed software release
    as indicated in the following table(s). To ensure a complete upgrade
    solution, consider that this advisory is part of a collection that includes
    the following advisories:

       cisco-sa-sdwan-abyp-TnGFHrS : Cisco SD-WAN vManage Authorization Bypass
        Vulnerabilities
       cisco-sa-sdwan-bufovulns-B5NrSHbj : Cisco SD-WAN Buffer Overflow
        Vulnerabilities
       cisco-sa-sdwan-cmdinjm-9QMSmgcn : Cisco SD-WAN Command Injection
        Vulnerabilities
       cisco-sa-sdwan-dosmulti-48jJuEUP : Cisco SD-WAN Denial of Service
        Vulnerabilities

    SD-WAN Software

    +-----------+-----------------------------+----------------------------------+
    | Cisco     | First Fixed Release         | First Fixed Release for All      |
    | SD-WAN    | for These                   | Vulnerabilities Described in the |
    | Releases  | Vulnerabilities             | Collection of Advisories         |
    +-----------+-----------------------------+----------------------------------+
    | Earlier   | Migrate to a fixed release. | Migrate to a fixed release.      |
    | than 18.3 |                             |                                  |
    +-----------+-----------------------------+----------------------------------+
    | 18.3      | Migrate to a fixed release. | Migrate to a fixed release.      |
    +-----------+-----------------------------+----------------------------------+
    | 18.4      | 18.4.5                      | Migrate to a fixed release.      |
    +-----------+-----------------------------+----------------------------------+
    | 19.2      | 19.2.2                      | Migrate to a fixed release.      |
    +-----------+-----------------------------+----------------------------------+
    | 19.3      | Migrate to a fixed release. | Migrate to a fixed release.      |
    +-----------+-----------------------------+----------------------------------+
    | 20.1      | 20.1.1                      | Migrate to a fixed release.      |
    +-----------+-----------------------------+----------------------------------+
    | 20.3      | 20.3.1                      | 20.3.2                           |
    +-----------+-----------------------------+----------------------------------+
    | 20.4      | 20.4.1                      | 20.4.1                           |
    +-----------+-----------------------------+----------------------------------+

    IOS XE SD-WAN Software

    +--------------+-----------------------------+----------------------------------+
    | Cisco IOS XE | First Fixed Release         | First Fixed Release for All      |
    | SD-WAN       | for These                   | Vulnerabilities Described in the |
    | Releases     | Vulnerabilities             | Collection of Advisories         |
    +--------------+-----------------------------+----------------------------------+
    | 16.9         | Migrate to a fixed release. | Migrate to a fixed release.      |
    +--------------+-----------------------------+----------------------------------+
    | 16.10        | Migrate to a fixed release. | Migrate to a fixed release.      |
    +--------------+-----------------------------+----------------------------------+
    | 16.11        | Migrate to a fixed release. | Migrate to a fixed release.      |
    +--------------+-----------------------------+----------------------------------+
    | 16.12        | 16.12.4                     | 16.12.4                          |
    +--------------+-----------------------------+----------------------------------+

    IOS XE Software

    +--------------+---------------------+----------------------------------+
    | Cisco IOS XE | First Fixed Release | First Fixed Release for All      |
    | Universal    | for These           | Vulnerabilities Described in the |
    | Releases     | Vulnerabilities     | Collection of Advisories         |
    +--------------+---------------------+----------------------------------+
    | 17.2         | 17.2.1              | 17.2.2                           |
    +--------------+---------------------+----------------------------------+
    | 17.3         | 17.3.1              | 17.3.1                           |
    +--------------+---------------------+----------------------------------+
    | 17.4         | 17.4.1              | 17.4.1                           |
    +--------------+---------------------+----------------------------------+

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerabilities that are
    described in this advisory.

Source

  o These vulnerabilities were found by James Spadaro of Cisco during internal
    security testing.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-bufovulns-B5NrSHbj

Revision History

  o +----------+---------------------------+----------+--------+--------------+
    | Version  |        Description        | Section  | Status |     Date     |
    +----------+---------------------------+----------+--------+--------------+
    | 1.0      | Initial public release.   | -        | Final  | 2021-JAN-20  |
    +----------+---------------------------+----------+--------+--------------+

- --------------------------------------------------------------------------------

Cisco SD-WAN Command Injection Vulnerabilities

Priority:        Critical
Advisory ID:     cisco-sa-sdwan-cmdinjm-9QMSmgcn
First Published: 2021 January 20 16:00 GMT
Version 1.0:     Final
Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvi59635 CSCvi59639 CSCvi69982 CSCvm26011 CSCvu28387
                 CSCvu28443
CVE Names:       CVE-2021-1260 CVE-2021-1261 CVE-2021-1262 CVE-2021-1263
                 CVE-2021-1298 CVE-2021-1299
CWEs:            CWE-20

Summary

  o Multiple vulnerabilities in Cisco SD-WAN products could allow an
    authenticated attacker to perform command injection attacks against an
    affected device, which could allow the attacker to take certain actions
    with root privileges on the device.

    For more information about these vulnerabilities, see the Details section
    of this advisory.

    Cisco has released software updates that address these vulnerabilities.
    There are no workarounds that address these vulnerabilities.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-cmdinjm-9QMSmgcn

Affected Products

  o Vulnerable Products

    These vulnerabilities affect the following Cisco products if they are
    running a vulnerable release of Cisco SD-WAN Software:

       SD-WAN vBond Orchestrator Software
       SD-WAN vEdge Cloud Routers
       SD-WAN vEdge Routers
       SD-WAN vManage Software
       SD-WAN vSmart Controller Software

    For information about which Cisco software releases are vulnerable, see the
    Fixed Software section of this advisory.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by these vulnerabilities.

    Cisco has confirmed that these vulnerabilities do not affect Cisco IOS XE
    SD-WAN Software.

Details

  o The vulnerabilities are not dependent on one another; exploitation of one
    of the vulnerabilities is not required to exploit another vulnerability. In
    addition, a software release that is affected by one of the vulnerabilities
    may not be affected by the other vulnerabilities.

    Details about the vulnerabilities are as follows:

    CVE-2021-1299: Cisco SD-WAN vManage Command Injection Vulnerability

    A vulnerability in the web-based management interface of Cisco SD-WAN
    vManage Software could allow an authenticated, remote attacker to execute
    arbitrary commands as the root user on an affected system.

    This vulnerability is due to improper input validation of user-supplied
    input to the device template configuration. An attacker could exploit this
    vulnerability by submitting crafted input to the device template
    configuration. A successful exploit could allow the attacker to gain
    root-level access to the affected system.

    This vulnerability affects only the Cisco SD-WAN vManage product.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    Bug ID(s): CSCvu28387
    CVE ID: CVE-2021-1299
    Security Impact Rating (SIR): Critical
    CVSS Base Score: 9.9
    CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

    CVE-2021-1261: Cisco SD-WAN CLI Command Injection Vulnerability

    A vulnerability in the CLI utility tcpdump of Cisco SD-WAN Software could
    allow an authenticated, local attacker with read-only credentials to inject
    arbitrary commands that could allow the attacker to obtain root privileges.

    This vulnerability is due to insufficient validation of user-supplied input
    to the tcpdump command. An attacker could exploit this vulnerability by
    authenticating with a lower-privileged user account via the CLI of an
    affected device and submitting crafted input to the affected commands. A
    successful exploit could allow the attacker to execute arbitrary commands
    on the device with root privileges.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    Bug ID(s): CSCvi59639
    CVE ID: CVE-2021-1261
    Security Impact Rating (SIR): High
    CVSS Base Score: 7.8
    CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    CVE-2021-1260: Cisco SD-WAN CLI Command Injection Vulnerability

    A vulnerability in the CLI of Cisco SD-WAN Software could allow an
    authenticated, local attacker with read-only credentials to inject
    arbitrary commands that could allow the attacker to obtain root privileges
    and read, write, and delete files of the underlying file system of an
    affected device.

    This vulnerability is due to insufficient validation of user-supplied input
    on the CLI. An attacker could exploit this vulnerability by authenticating
    with read-only privileges via the CLI of an affected device and submitting
    crafted input to the affected commands. A successful exploit could allow
    the attacker to execute arbitrary commands on the device with root 
    privileges.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    Bug ID(s): CSCvi59635
    CVE ID: CVE-2021-1260
    Security Impact Rating (SIR): High
    CVSS Base Score: 7.1
    CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

    CVE-2021-1263: Cisco SD-WAN CLI Command Injection Vulnerability

    A vulnerability in the CLI of Cisco SD-WAN Software could allow an
    authenticated, local attacker with read-only credentials to inject
    arbitrary commands that could allow the attacker to obtain root privileges
    and read, write, and delete files of the underlying file system of an
    affected device.

    This vulnerability is due to insufficient validation of user-supplied input
    on the CLI. An attacker could exploit this vulnerability by authenticating
    with read-only privileges via the CLI of an affected device and submitting
    crafted input to the affected commands. A successful exploit could allow
    the attacker to execute arbitrary commands on the device with root 
    privileges.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    Bug ID(s): CSCvu28443
    CVE ID: CVE-2021-1263
    Security Impact Rating (SIR): Medium
    CVSS Base Score: 6.1
    CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

    CVE-2021-1262: Cisco SD-WAN CLI Command Injection Vulnerability

    A vulnerability in the CLI of Cisco SD-WAN Software could allow an
    authenticated, local attacker with read-only credentials to inject
    arbitrary commands that could allow the attacker to obtain root privileges
    and read files from the underlying file system of an affected device.

    This vulnerability is due to insufficient validation of user-supplied input
    on the CLI. An attacker could exploit this vulnerability by authenticating
    with read-only privileges via the CLI of an affected device and submitting
    crafted input to the affected commands. A successful exploit could allow
    the attacker to execute arbitrary commands on the device with root 
    privileges.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    Bug ID(s): CSCvi69982
    CVE ID: CVE-2021-1262
    Security Impact Rating (SIR): Medium
    CVSS Base Score: 5.5
    CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

    CVE-2021-1298: Cisco SD-WAN vManage Command Injection Vulnerability

    A vulnerability in the vAnalytics feature of the web-based management
    interface of Cisco SD-WAN vManage Software could allow an authenticated,
    remote attacker to execute arbitrary commands as the root user on an
    affected system.

    This vulnerability is due to improper input validation of user-supplied
    input to the SSO configuration. An attacker could exploit this by
    submitting crafted input to the SSO configuration. A successful exploit
    could allow the attacker to gain root-level access to the system.

    The vAnalytics feature of Cisco SD-WAN vManage Software must be enabled for
    this vulnerability to be exploited.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    Bug ID(s): CSCvm26011
    CVE ID: CVE-2021-1298
    Security Impact Rating (SIR): Medium
    CVSS Base Score: 5.3
    CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

Workarounds

  o There are no workarounds that address these vulnerabilities.

Fixed Software

  o Cisco has released free software updates that address the vulnerabilities
    described in this advisory. Customers may only install and expect support
    for software versions and feature sets for which they have purchased a
    license. By installing, downloading, accessing, or otherwise using such
    software upgrades, customers agree to follow the terms of the Cisco
    software license:
    https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

    Additionally, customers may only download software for which they have a
    valid license, procured from Cisco directly, or through a Cisco authorized
    reseller or partner. In most cases this will be a maintenance upgrade to
    software that was previously purchased. Free security software updates do
    not entitle customers to a new software license, additional software
    feature sets, or major revision upgrades.

    When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories page, to determine exposure and a complete
    upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service
    contract and customers who make purchases through third-party vendors but
    are unsuccessful in obtaining fixed software through their point of sale
    should obtain upgrades by contacting the Cisco TAC:
    https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared
    to provide the URL of this advisory as evidence of entitlement to a free
    upgrade.

    Fixed Releases

    Customers are advised to upgrade to an appropriate fixed software release
    as indicated in the following table(s). To ensure a complete upgrade
    solution, consider that this advisory is part of a collection that includes
    the following advisories:

       cisco-sa-sdwan-abyp-TnGFHrS : Cisco SD-WAN vManage Authorization Bypass
        Vulnerabilities
       cisco-sa-sdwan-bufovulns-B5NrSHbj : Cisco SD-WAN Buffer Overflow
        Vulnerabilities
       cisco-sa-sdwan-cmdinjm-9QMSmgcn : Cisco SD-WAN Command Injection
        Vulnerabilities
       cisco-sa-sdwan-dosmulti-48jJuEUP : Cisco SD-WAN Denial of Service
        Vulnerabilities

    +-----------+-----------------------------+----------------------------------+
    | Cisco     | First Fixed Release         | First Fixed Release for All      |
    | SD-WAN    | for These                   | Vulnerabilities Described in the |
    | Release   | Vulnerabilities             | Collection of Advisories         |
    +-----------+-----------------------------+----------------------------------+
    | Earlier   | Migrate to a fixed release. | Migrate to a fixed release.      |
    | than 18.3 |                             |                                  |
    +-----------+-----------------------------+----------------------------------+
    | 18.3      | Migrate to a fixed release. | Migrate to a fixed release.      |
    +-----------+-----------------------------+----------------------------------+
    | 18.4      | Migrate to a fixed release. | Migrate to a fixed release.      |
    +-----------+-----------------------------+----------------------------------+
    | 19.2      | Migrate to a fixed release. | Migrate to a fixed release.      |
    +-----------+-----------------------------+----------------------------------+
    | 19.3      | Migrate to a fixed release. | Migrate to a fixed release.      |
    +-----------+-----------------------------+----------------------------------+
    | 20.1      | 20.1.2                      | Migrate to a fixed release.      |
    +-----------+-----------------------------+----------------------------------+
    | 20.3      | 20.3.2                      | 20.3.2                           |
    +-----------+-----------------------------+----------------------------------+
    | 20.4      | 20.4.1                      | 20.4.1                           |
    +-----------+-----------------------------+----------------------------------+

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerabilities that are
    described in this advisory.

Source

  o The following vulnerabilities were found during the resolution of a Cisco
    TAC support case: CVE-2021-1260 and CVE-2021-1261.

    The following vulnerabilities were found during internal security testing:

       James Spadaro of Cisco: CVE-2021-1262
       Joseph Connor of Cisco: CVE-2021-1263
       Andrew Kim of Cisco: CVE-2021-1298
       Alex Lumsden of Cisco: CVE-2021-1299

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-cmdinjm-9QMSmgcn

Revision History

  o +----------+---------------------------+----------+--------+--------------+
    | Version  |        Description        | Section  | Status |     Date     |
    +----------+---------------------------+----------+--------+--------------+
    | 1.0      | Initial public release.   | -        | Final  | 2021-JAN-20  |
    +----------+---------------------------+----------+--------+--------------+

- --------------------------------------------------------------------------------

Cisco SD-WAN Denial of Service Vulnerabilities

Priority:        High
Advisory ID:     cisco-sa-sdwan-dosmulti-48jJuEUP
First Published: 2021 January 20 16:00 GMT
Version 1.0:     Final
Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvq20708 CSCvt11522 CSCvt11523 CSCvt11530 CSCvu28409
                 CSCvu31763
CVE Names:       CVE-2021-1241 CVE-2021-1273 CVE-2021-1274 CVE-2021-1278
                 CVE-2021-1279
CWEs:            CWE-119 CWE-20 CWE-787

Summary

  o Multiple vulnerabilities in Cisco SD-WAN products could allow an
    unauthenticated, remote attacker to execute denial of service (DoS) attacks
    against an affected device.

    For more information about these vulnerabilities, see the Details section
    of this advisory.

    Cisco has released software updates that address these vulnerabilities.
    There are no workarounds that address these vulnerabilities.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-dosmulti-48jJuEUP

Affected Products

  o Vulnerable Products

    These vulnerabilities may affect the following Cisco products if they are
    running a vulnerable release of Cisco SD-WAN Software:

       IOS XE SD-WAN Software
       SD-WAN vBond Orchestrator Software
       SD-WAN vEdge Cloud Routers
       SD-WAN vEdge Routers
       SD-WAN vManage Software
       SD-WAN vSmart Controller Software

    See the Details section of this advisory for information on vulnerable
    products for each vulnerability.

    For information about which Cisco software releases are vulnerable, see the
    Fixed Software section of this advisory.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by these vulnerabilities.

    Cisco has confirmed that these vulnerabilities do not affect Cisco IOS XE
    universal image releases 17.2.1r and later.

Details

  o The vulnerabilities are not dependent on one another. Exploitation of one
    of the vulnerabilities is not required to exploit the other vulnerability.
    In addition, a software release that is affected by one of the
    vulnerabilities may not be affected by the other vulnerability.

    Details about the vulnerabilities are as follows.

    CVE-2021-1241: Cisco SD-WAN vEdge Router VPN Denial of Service
    Vulnerability

    A vulnerability in VPN tunneling features of Cisco SD-WAN vEdge Routers
    could allow an unauthenticated, remote attacker to cause a DoS condition on
    an affected system.

    The vulnerability is due to insufficient handling of malformed packets. An
    attacker could exploit this vulnerability by sending crafted packets
    through an affected device. A successful exploit could allow the attacker
    to cause the device to reboot, resulting in a DoS condition on the affected
    system.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    Bug ID(s): CSCvu31763
    CVE ID: CVE-2021-1241
    Security Impact Rating (SIR): High
    CVSS Base Score: 8.6
    CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

    CVE-2021-1273: Cisco SD-WAN IPSec Denial of Service Vulnerability

    A vulnerability in the IPSec tunnel management of Cisco SD-WAN vBond
    Orchestrator Software, Cisco SD-WAN vEdge Cloud Routers, Cisco SD-WAN vEdge
    Routers, Cisco SD-WAN vManage Software, and Cisco SD-WAN vSmart Controller
    Software could allow an unauthenticated, remote attacker to cause a DoS
    condition on an affected system.

    The vulnerability is due to insufficient bounds checking in the forwarding
    plane of the IPSec tunnel management functionality. An attacker could
    exploit this vulnerability by sending crafted IPv4 or IPv6 packets to a
    specific device. A successful exploit could allow the attacker to cause a
    DoS condition on the affected system.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    Bug ID(s): CSCvu28409
    CVE ID: CVE-2021-1273
    Security Impact Rating (SIR): High
    CVSS Base Score: 8.6
    CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

    CVE-2021-1274: Cisco SD-WAN UDP Denial of Service Vulnerability

    A vulnerability in the UDP connection response of Cisco IOS XE SD-WAN,
    Cisco SD-WAN vBond Orchestrator Software, Cisco SD-WAN vEdge Cloud Routers,
    Cisco SD-WAN vEdge Routers, Cisco SD-WAN vManage Software, and Cisco SD-WAN
    vSmart Controller Software could allow an unauthenticated, remote attacker
    to cause a DoS condition on an affected system.

    The vulnerability is due to the presence of a null dereference in vDaemon.
    An attacker could exploit this vulnerability by sending crafted traffic to
    a specific device. A successful exploit could allow the attacker to cause a
    DoS condition on the affected system.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    Bug ID(s): CSCvt11523
    CVE ID: CVE-2021-1274
    Security Impact Rating (SIR): High
    CVSS Base Score: 8.6
    CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

    CVE-2021-1278: Cisco SD-WAN Denial of Service Vulnerabilities

    Multiple vulnerabilities in the symbolic link (symlink) creation
    functionality of Cisco SD-WAN vBond Orchestrator Software, Cisco SD-WAN
    vEdge Cloud Routers, Cisco SD-WAN vEdge Routers, Cisco SD-WAN vManage
    Software, and Cisco SD-WAN vSmart Controller Software could allow an
    authenticated, local attacker to overwrite arbitrary files that are owned
    by the root user on the affected system.

    These vulnerabilities are due to the absence of validation checks for the
    input that is used to create symlinks. An attacker could exploit these
    vulnerabilities by creating a symlink to a target file on a specific path.
    A successful exploit could allow the attacker to corrupt the contents of
    the file. If the file is a critical systems file, the exploit could lead to
    a DoS condition on an affected system. To exploit these vulnerabilities,
    the attacker would need to have valid credentials on the system.

    Cisco has released software updates that address these vulnerabilities.
    There are no workarounds that address these vulnerabilities.

    Bug ID(s): CSCvt11522, CSCvt11530
    CVE ID: CVE-2021-1278
    Security Impact Rating (SIR): Medium
    CVSS Base Score: 6.7
    CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:H
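    The bug class above (a privileged process writing through a symlink that a
    low-privileged local user planted, so the write lands on a root-owned file)
    is shown generically below. This is an added illustration and not Cisco
    code; the advisory does not describe the affected component's internals,
    so the writer routine, directory layout and file names here are
    hypothetical. The vulnerable form uses plain open(); the hardened form
    opens with O_NOFOLLOW, checks the inode it actually obtained (regular file,
    owned by the caller, not hard-linked elsewhere) and only then truncates and
    writes.

```python
"""Symlink-following file writes, the bug class behind CVE-2021-1278, shown generically.

Added illustration, not Cisco code. A privileged writer that opens a path in an
attacker-writable directory with plain open() follows a planted symlink and
clobbers whatever it points at. The hardened writer refuses symlinks and
verifies the opened inode before trusting it.
"""
import os
import stat
import tempfile


def unsafe_write(path: str, data: str) -> None:
    """Vulnerable pattern: open() follows symlinks, so the write lands on the link target."""
    with open(path, "w") as f:
        f.write(data)


def safe_write(path: str, data: str) -> int:
    """Hardened pattern: refuse a symlink at the final component, then inspect the
    inode that was actually opened before truncating or writing anything."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_NOFOLLOW  # no O_TRUNC yet: check first
    fd = os.open(path, flags, 0o600)  # raises OSError (ELOOP) if `path` is a symlink
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise OSError(f"{path}: not a regular file")
        if st.st_uid != os.geteuid():
            raise OSError(f"{path}: owned by uid {st.st_uid}, refusing to write")
        if st.st_nlink != 1:
            raise OSError(f"{path}: hard-linked elsewhere ({st.st_nlink} links)")
        os.ftruncate(fd, 0)  # safe to truncate only after the inode passed the checks
        return os.write(fd, data.encode())
    finally:
        os.close(fd)


def demo() -> dict:
    """Constructed scenario: a 'critical' file, a writable spool directory, a planted link."""
    with tempfile.TemporaryDirectory() as d:
        critical = os.path.join(d, "critical.conf")
        with open(critical, "w") as f:
            f.write("original\n")
        spool = os.path.join(d, "spool")
        os.mkdir(spool)
        link = os.path.join(spool, "report.txt")
        os.symlink(critical, link)  # the attacker's move: a symlink where the writer expects a file

        unsafe_write(link, "garbage\n")  # follows the link: critical.conf is overwritten
        with open(critical) as f:
            corrupted = f.read() == "garbage\n"

        with open(critical, "w") as f:  # restore the target for the second run
            f.write("original\n")
        try:
            safe_write(link, "garbage\n")  # ELOOP from O_NOFOLLOW
            blocked = False
        except OSError:
            blocked = True
        with open(critical) as f:
            intact = f.read() == "original\n"

        plain = os.path.join(spool, "plain.txt")
        wrote = safe_write(plain, "ok\n")  # an ordinary, non-link path still works
        return {"unsafe_corrupted": corrupted, "safe_blocked": blocked,
                "target_intact": intact, "plain_bytes": wrote}


if __name__ == "__main__":
    print(demo())
```

    Note the ordering in safe_write: truncation is deferred until after the
    fstat checks, because O_TRUNC at open time would already have destroyed the
    target before any check ran. The uid and link-count checks cover the cases
    O_NOFOLLOW does not: a hard link to a privileged file, or a file the
    attacker pre-created and still owns.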

    CVE-2021-1279: Cisco SD-WAN SNMPv3 Denial of Service Vulnerability

    A vulnerability in the SNMPv3 management feature of Cisco SD-WAN vBond
    Orchestrator Software, Cisco SD-WAN vEdge Cloud Routers, Cisco SD-WAN vEdge
    Routers, Cisco SD-WAN vManage Software, and Cisco SD-WAN vSmart Controller
    Software could allow an unauthenticated, remote attacker to cause a DoS
    condition on an affected system.

    The vulnerability is due to insufficient input validation for the SNMPv3
    management functionality. An attacker could exploit this vulnerability by
    sending crafted SNMPv3 traffic to a specific device. A successful exploit
    could allow the attacker to cause a DoS condition on the affected system.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    Bug ID(s): CSCvq20708
    CVE ID: CVE-2021-1279
    Security Impact Rating (SIR): Medium
    CVSS Base Score: 5.3
    CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Workarounds

  o There are no workarounds that address these vulnerabilities.

Fixed Software

  o Cisco has released free software updates that address the vulnerabilities
    described in this advisory. Customers may only install and expect support
    for software versions and feature sets for which they have purchased a
    license. By installing, downloading, accessing, or otherwise using such
    software upgrades, customers agree to follow the terms of the Cisco
    software license:
    https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

    Additionally, customers may only download software for which they have a
    valid license, procured from Cisco directly, or through a Cisco authorized
    reseller or partner. In most cases this will be a maintenance upgrade to
    software that was previously purchased. Free security software updates do
    not entitle customers to a new software license, additional software
    feature sets, or major revision upgrades.

    When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories page, to determine exposure and a complete
    upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service
    contract and customers who make purchases through third-party vendors but
    are unsuccessful in obtaining fixed software through their point of sale
    should obtain upgrades by contacting the Cisco TAC:
    https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared
    to provide the URL of this advisory as evidence of entitlement to a free
    upgrade.

    Fixed Releases

    Customers are advised to upgrade to an appropriate fixed software release
    as indicated in the following table(s). To ensure a complete upgrade
    solution, consider that this advisory is part of a collection that includes
    the following advisories:

       cisco-sa-sdwan-abyp-TnGFHrS : Cisco SD-WAN vManage Authorization Bypass
        Vulnerabilities
       cisco-sa-sdwan-bufovulns-B5NrSHbj : Cisco SD-WAN Buffer Overflow
        Vulnerabilities
       cisco-sa-sdwan-cmdinjm-9QMSmgcn : Cisco SD-WAN Command Injection
        Vulnerabilities
       cisco-sa-sdwan-dosmulti-48jJuEUP : Cisco SD-WAN Denial of Service
        Vulnerabilities

    SD-WAN Software

    Cisco      First Fixed Release    First Fixed Release for All
    SD-WAN     for These              Vulnerabilities Described in This
    Releases   Vulnerabilities        Collection of Advisories
    Earlier    Migrate to a fixed     Migrate to a fixed release.
    than 18.3  release.
    18.3       Migrate to a fixed     Migrate to a fixed release.
               release.
    18.4       18.4.6                 Migrate to a fixed release.
    19.2       Migrate to a fixed     Migrate to a fixed release.
               release.
    19.3       Migrate to a fixed     Migrate to a fixed release.
               release.
    20.1       20.1.2                 Migrate to a fixed release.
    20.3       20.3.1                 20.3.2
    20.4       20.4.1                 20.4.1

    IOS XE SD-WAN Software

    Cisco IOS XE  First Fixed Release   First Fixed Release for All
    SD-WAN        for These             Vulnerabilities Described in This
    Releases      Vulnerabilities       Collection of Advisories
    16.9          Migrate to a fixed    Migrate to a fixed release.
                  release.
    16.10         Migrate to a fixed    Migrate to a fixed release.
                  release.
    16.11         Migrate to a fixed    Migrate to a fixed release.
                  release.
    16.12         16.12.4               16.12.4
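
    The two tables above are easy to misread when checking a fleet, because a
    train can be fixed for this advisory but still require migration for the
    rest of the collection (18.4.6 and 20.1.2 are examples). The script below
    is an added helper, not Cisco tooling: it transcribes both tables into
    dictionaries (None standing for "Migrate to a fixed release"), compares a
    running version against its train, and reports the verdict for this
    advisory and for the whole collection separately. The product labels
    "sdwan" and "iosxe", the treatment of trains older than the first table row
    as "migrate" (which the SD-WAN table states explicitly and the IOS XE table
    does not), and the sample hostnames are this script's own assumptions.

```python
"""Check running SD-WAN versions against the fixed-release tables in this advisory.

Added helper, not Cisco tooling. The two dictionaries transcribe the tables
above; None stands for "Migrate to a fixed release". Product labels "sdwan"
and "iosxe" are this script's own.
"""
import re

# train -> (first fixed release for this advisory, first fixed release for the whole collection)
SDWAN_FIXES = {
    "18.3": (None, None),
    "18.4": ("18.4.6", None),
    "19.2": (None, None),
    "19.3": (None, None),
    "20.1": ("20.1.2", None),
    "20.3": ("20.3.1", "20.3.2"),
    "20.4": ("20.4.1", "20.4.1"),
}
IOSXE_SDWAN_FIXES = {
    "16.9": (None, None),
    "16.10": (None, None),
    "16.11": (None, None),
    "16.12": ("16.12.4", "16.12.4"),
}
TABLES = {"sdwan": SDWAN_FIXES, "iosxe": IOSXE_SDWAN_FIXES}


def parse_version(version: str) -> tuple:
    """'20.3.1' -> (20, 3, 1). A letter suffix such as '16.12.4a' keeps its numeric part."""
    parts = []
    for piece in version.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            raise ValueError(f"unparseable version component {piece!r} in {version!r}")
        parts.append(int(m.group()))
    if len(parts) < 2:
        raise ValueError(f"version {version!r} needs at least major.minor")
    return tuple(parts)


def _status(running, fix):
    """Verdict for one column of the table given the running version tuple."""
    if fix is None:
        return "migrate to a fixed release"
    if running >= parse_version(fix):
        return "fixed"
    return f"upgrade to {fix}"


def assess(version: str, product: str = "sdwan") -> dict:
    """Return the advisory's verdict for one device, for this advisory and for the collection."""
    table = TABLES[product]
    running = parse_version(version)
    train = f"{running[0]}.{running[1]}"
    if train not in table:
        # Assumption: anything older than the first row behaves like the SD-WAN
        # table's "Earlier than 18.3" row; anything newer is outside this advisory.
        oldest = min(parse_version(t) for t in table)
        verdict = ("migrate to a fixed release" if running < oldest
                   else "train not covered by this advisory's table; check the current Cisco advisory")
        return {"version": version, "train": train, "this_advisory": verdict, "collection": verdict}
    advisory_fix, collection_fix = table[train]
    return {
        "version": version,
        "train": train,
        "this_advisory": _status(running, advisory_fix),
        "collection": _status(running, collection_fix),
    }


def assess_inventory(inventory) -> list:
    """inventory: iterable of (hostname, version, product) tuples, e.g. from a vManage export."""
    return [dict(host=host, **assess(version, product)) for host, version, product in inventory]


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are made up for the demo.
    sample = [
        ("vmanage-1", "20.3.1", "sdwan"),
        ("vsmart-1", "18.4.5", "sdwan"),
        ("vedge-branch-7", "17.2.3", "sdwan"),
        ("cedge-branch-2", "16.12.3", "iosxe"),
    ]
    for row in assess_inventory(sample):
        print(f"{row['host']:16} {row['version']:10} this advisory: {row['this_advisory']:28} "
              f"collection: {row['collection']}")
```

    Running it on the constructed sample shows the trap: vmanage-1 on 20.3.1 is
    fixed for the denial-of-service advisory but still needs 20.3.2 for the
    collection, and vsmart-1 on 18.4.5 gets a point release for this advisory
    but a migration for everything else.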

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerabilities that are
    described in this advisory.

Source

  o CVE-2021-1273: This vulnerability was found by Joseph Connor of Cisco
    during internal security testing.

    CVE-2021-1274: This vulnerability was found by Arthur Vidineyev of Cisco
    during internal security testing.

    CVE-2021-1278: This vulnerability was found by Andrew Kim of Cisco during
    internal security testing.

    CVE-2021-1279: This vulnerability was found during internal security
    testing.

    CVE-2021-1241: This vulnerability was found during the resolution of a
    Cisco TAC support case.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-dosmulti-48jJuEUP

Revision History

  o +----------+---------------------------+----------+--------+--------------+
    | Version  |        Description        | Section  | Status |     Date     |
    +----------+---------------------------+----------+--------+--------------+
    | 1.0      | Initial public release.   | -        | Final  | 2021-JAN-20  |
    +----------+---------------------------+----------+--------+--------------+



- --------------------------------------------------------------------------------

Cisco SD-WAN Information Disclosure Vulnerability

Priority:        Medium
Advisory ID:     cisco-sa-sdwan-infodis-2-UPO232DG
First Published: 2021 January 20 16:00 GMT
Version 1.0:     Final
Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvi69962
CVE Names:       CVE-2021-1233
CWEs:            CWE-20

CVSS Score:
4.4  AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:X/RL:X/RC:X

Summary

  o A vulnerability in the CLI of Cisco SD-WAN Software could allow an
    authenticated, local attacker to access sensitive information on an
    affected device.

    The vulnerability is due to insufficient input validation of requests that
    are sent to the iperf tool. An attacker could exploit this vulnerability by
    sending a crafted request to the iperf tool, which is included in Cisco
    SD-WAN Software. A successful exploit could allow the attacker to obtain
    any file from the filesystem of an affected device.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-infodis-2-UPO232DG

Affected Products

  o Vulnerable Products

    At the time of publication, this vulnerability affected the following Cisco
    products if they were running a release of Cisco SD-WAN Software earlier
    than Release 18.4.3:

       SD-WAN vBond Orchestrator Software
       SD-WAN vEdge Cloud Routers
       SD-WAN vEdge Routers
       SD-WAN vManage Software

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories page, to determine exposure and a complete
    upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Fixed Releases

    At the time of publication, Cisco SD-WAN Software releases 18.4.3 and later
    contained the fix for this vulnerability.

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o This vulnerability was found during internal security testing.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-infodis-2-UPO232DG

Revision History

  o +----------+---------------------------+----------+--------+--------------+
    | Version  |        Description        | Section  | Status |     Date     |
    +----------+---------------------------+----------+--------+--------------+
    | 1.0      | Initial public release.   | -        | Final  | 2021-JAN-20  |
    +----------+---------------------------+----------+--------+--------------+

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----