Cisco addressed multiple vulnerabilities in its SD-WAN vManage Software. One of which allows an attacker to perform actions not granted to average users, such as creating accounts with administrative level access. Please find below a comment from Satnam Narang, Staff Research Engineer, Tenable.
“Cisco patched multiple vulnerabilities on Wednesday, including several flaws in its SD-WAN vManage software. The most severe flaw is CVE-2021-1468, an unauthorised message processing vulnerability.
“The flaw exists because the vManage software fails to perform an authentication check on input supplied by the user to the application’s messaging service. This vulnerability could be exploited pre-authentication, meaning the attacker does not need to possess valid credentials and authenticate to the vulnerable application. Successful exploitation would give an attacker the ability to perform actions not granted to average users, such as creating accounts with administrative level access.
“It should be noted that this particular vulnerability as well as several others patched on Wednesday can only be exploited if the vManage software is running in Cluster Mode.
If your organisation uses vManage, we strongly encourage you to apply these patches as soon as possible.” — Satnam Narang, Staff Research Engineer, Tenable