Cisco discloses critical vManage flaw
Target Industry
Indiscriminate, opportunistic targeting.
Overview
Cisco has disclosed a critical security vulnerability in the REST API of its SD-WAN vManage software. The flaw, tracked as CVE-2023-20214 (CVSSv3 score: 9.1), allows data exfiltration from affected products. The vManage API allows administrators to monitor device status, configure devices and aggregate device statistics.
At the time of writing no evidence exists regarding active exploitation of CVE-2023-20214.
Impact
Successful exploitation of CVE-2023-20214 could allow a remote, unauthenticated threat actor to gain read, and limited write, permissions and subsequently access data.
Vulnerability Detection
Cisco has released a security patch for this vulnerability. Previous product versions remain vulnerable to potential exploitation.
Affected Products
vManage API
Containment, Mitigations & Remediations
It is strongly recommended that administrators apply the relevant security update as soon as possible. The vulnerability has been addressed in the following SD-WAN vManage versions:
- 20.6.3.4
- 20.6.4.2
- 20.6.5.5
- 20.9.3.2
- 20.10.1.2
- 20.11.1.2
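As an added example (not part of the original advisory or any Cisco tooling), the following script triages an inventory of vManage version strings against the fixed releases listed above. It assumes a fixed release applies to versions sharing its first three components; the hostnames and inventory versions are constructed, and versions in a train the list does not name are reported as not listed rather than guessed at.

```python
# Added example: triage vManage versions against the fixed releases listed
# in this advisory. Hostnames and inventory versions below are constructed.
FIXED_RELEASES = ["20.6.3.4", "20.6.4.2", "20.6.5.5",
                  "20.9.3.2", "20.10.1.2", "20.11.1.2"]


def parse_version(text):
    """Turn '20.6.3.4' into (20, 6, 3, 4); raise ValueError on anything else."""
    parts = text.strip().split(".")
    if len(parts) < 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)


# Assumption: a fixed release applies to versions sharing its first three
# components (e.g. any 20.6.3.x is compared against 20.6.3.4).
FIXED_BY_TRAIN = {parse_version(v)[:3]: parse_version(v) for v in FIXED_RELEASES}


def classify(version_text):
    """Return 'fixed', 'below-fixed', 'not-listed' or 'unparseable'."""
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unparseable"
    fixed = FIXED_BY_TRAIN.get(version[:3])
    if fixed is None:
        # The list names no fixed build for this train; check Cisco's advisory.
        return "not-listed"
    # Pad so that '20.6.3' compares as 20.6.3.0.
    padded = version + (0,) * (len(fixed) - len(version))
    return "fixed" if padded >= fixed else "below-fixed"


def triage(inventory):
    """Map each classification to the sorted hostnames that fall under it."""
    result = {}
    for host, version in inventory.items():
        result.setdefault(classify(version), []).append(host)
    return {status: sorted(hosts) for status, hosts in result.items()}


SAMPLE_INVENTORY = {  # constructed sample data
    "vmanage-a": "20.6.3.4", "vmanage-b": "20.6.4.1", "vmanage-c": "20.9.3.2",
    "vmanage-d": "20.8.1", "vmanage-e": "20.11.1.3", "vmanage-f": "unknown",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts)}")
```

Hosts reported as not-listed or unparseable need manual review against the vendor advisory before being treated as safe.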
Indicators of Compromise
No specific Indicators of Compromise (IoCs) are available currently.
Threat Landscape
Cisco occupies a significant proportion of the enterprise network infrastructure market share. Given that threat actors generally utilise a combination of probability and asset value to determine which attack surfaces to focus on, Cisco products have become a prime target. As Cisco products have become an integral aspect of business operations, threat actors will continue to exploit vulnerabilities contained within the associated products in an attempt to extract the sensitive data contained therein.
Threat Group
No attribution to specific threat actors or groups has been identified at the time of writing.
MITRE Methodologies
Tactic:
TA0010 – Exfiltration