SB2019012424 - Multiple vulnerabilities in Cisco SD-WAN

Published: January 24, 2019 Updated: January 25, 2019

Security Bulletin ID: SB2019012424
Severity: High
Patch available: YES
Number of vulnerabilities: 5
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 20%, Low: 80%

Description

This security bulletin contains information about 5 security vulnerabilities.


1) Security restrictions bypass (CVE-ID: CVE-2019-1647)

The vulnerability allows an adjacent authenticated attacker to bypass security restrictions on the target system.

The vulnerability exists due to an insecure default configuration. An adjacent authenticated attacker can directly connect to the exposed services to retrieve and modify critical system files.


2) Privilege escalation (CVE-ID: CVE-2019-1648)

The vulnerability allows a local authenticated attacker to gain elevated privileges on an affected device.

The vulnerability exists due to a failure to properly validate certain parameters included within the group configuration. A local authenticated attacker can write a specially crafted file to the directory where the user group configuration is located in the underlying operating system, gain root-level privileges and take full control of the device.


3) Privilege escalation (CVE-ID: CVE-2019-1650)

The vulnerability allows a remote authenticated attacker to gain elevated privileges on an affected device.

The vulnerability exists due to improper input validation of the save command in the CLI of the affected software. A remote authenticated attacker can modify the save command in the CLI of an affected device, overwrite arbitrary files on the underlying operating system and escalate their privileges to the root user.


4) Privilege escalation (CVE-ID: CVE-2019-1646)

The vulnerability allows a local authenticated attacker to gain elevated privileges on an affected device.

The vulnerability exists because user input is not properly sanitized for certain commands at the CLI. A local authenticated attacker can send specially crafted commands to the CLI of an affected device, establish an interactive session with elevated privileges, and further compromise the device or obtain additional configuration data from it.


5) Buffer overflow (CVE-ID: CVE-2019-1651)

The vulnerability allows a remote authenticated attacker to gain elevated privileges on an affected device.

The vulnerability exists due to improper bounds checking by the vContainer. A remote authenticated attacker can send a malicious file to an affected vContainer instance, trigger a buffer overflow condition on the affected vContainer and cause the service to crash or execute arbitrary code as the root user.

Successful exploitation of these vulnerabilities may result in system compromise.


Remediation

Install the update from the vendor's website.