DoS attack vulnerabilities in Cisco SD-WAN software and routers

Network perimeter security specialists reported finding at least three security vulnerabilities in some Cisco routers and software solutions. It appears that successful exploitation of these flaws could lead to scenarios such as denial of service (DoS) attacks.

Below are brief overviews of the reported vulnerabilities, along with their CVE tracking identifiers and their scores under the Common Vulnerability Scoring System (CVSS).

CVE-2020-3369: This vulnerability exists due to inadequate processing of FTP traffic, which could allow remote threat actors to launch DoS attacks by sending specially crafted FTP packets, causing damage to the target system's memory.

The flaw received a CVSS score of 7.5/10 and is considered to be of average severity, network perimeter security specialists mentioned. The vulnerability resides in multiple Cisco routers and software.

CVE-2020-3351: Incorrect validation of fields in Cisco SD-WAN interconnect messages that are encapsulated in UDP packets could allow remote attackers to launch DoS attacks by sending specially crafted UDP messages to the target system.

This flaw received a score of 7.5/10, so it is considered an average severity error.

CVE-2020-3379: This flaw exists because the affected application does not implement appropriate security restrictions, so local threat actors could carry out privilege escalation attacks by sending specially crafted requests, network perimeter security specialists mentioned.

This flaw received a score of 6.8/10.

The vulnerabilities reside in the following software and router products:

  • Cisco SD-WAN vBond Orchestrator
  • Cisco SD-WAN vEdge 100 Series Routers
  • Cisco SD-WAN vEdge 1000 Series Routers
  • Cisco SD-WAN vEdge 2000 Series Routers
  • Cisco SD-WAN vEdge 5000 Series Routers
  • Cisco SD-WAN vEdge Cloud Series Routers
  • Cisco SD-WAN vManage
  • Cisco SD-WAN vSmart Controller

While these scenarios are completely feasible, some factors limit the risk of attack, so no real-world exploitation attempts, or malware related to an exploit, have been detected.

Updates are now available, so system administrators are advised to install them as soon as possible.