Critical vulnerabilities in Cisco SD-WAN allow ransomware attacks on the network. Patch them now

A team of penetration testing services specialists has disclosed two vulnerabilities in Cisco products. According to the report, successful exploitation of these vulnerabilities would allow threat actors to execute code remotely and circumvent security measures on the system in order to install ransomware or other malware variants.

Below is a brief overview of the reported vulnerabilities, together with their scores and identifiers under the Common Vulnerability Scoring System (CVSS).

CVE-2020-3375: A boundary error in SD-WAN products can be triggered to cause severe memory corruption, allowing threat actors to execute arbitrary code on the target system.

The flaw received a score of 8.5/10, so it is considered a severe vulnerability. Exploiting it would allow a total compromise of the target system, the penetration testing services experts noted.

The full list of affected products can be found below:

  • Cisco IOS XE SD-WAN: 16.9, 16.10, 16.12, 17.2
  • Cisco SD-WAN vBond Orchestrator: 18.3, 18.4.0, 19.2.0, 19.3.0, 20.1.0
  • Cisco SD-WAN vEdge Cloud Router: 18.3.0, 18.4, 19.2.0, 19.3.0, 20.1.0
  • Cisco SD-WAN vEdge Routers: 18.3, 18.4.0, 19.2.0, 19.3.0, 21.1.0
  • Cisco SD-WAN vManage: 18.3, 18.4, 19.2, 19.3, 20.1
  • Cisco SD-WAN vSmart Controller: 18.3, 18.4.0, 19.2.0, 19.3.0, 20.1.0

CVE-2020-3374: Insufficient authorization checks in SD-WAN vManage allow remote attackers to bypass security mechanisms. By sending specially crafted HTTP requests, threat actors could escalate their privileges and stage subsequent attacks.

This flaw is rated medium severity, with a score of 7.7/10 on the CVSS scale, according to penetration testing services experts. The vulnerability resides in SD-WAN vManage versions 18.3, 18.4, 19.2, 19.3 and 20.1.

Although both vulnerabilities can be exploited remotely by unauthenticated threat actors, researchers have not detected active exploitation attempts or any malware variant linked to these flaws. Patches for both bugs are now available; we recommend upgrading as soon as possible.

For further reports on vulnerabilities, exploits, malware variants and computer security risks, we recommend visiting the website of the International Institute of Cyber Security (IICS), as well as the official platforms of the technology companies concerned.