Get in Touch
Indiscriminate, opportunistic targeting.
Cisco has disclosed a critical level security vulnerability within the RESR API of their SD-WAN vManage software. The flaw, tracked as CVE-2023-20214 (CVSSv3 score: 9.1), allows for data exfiltration of affected products. The vManage API allows administrators to monitor device status, configure devices and aggregating device statistics.
At the time of writing no evidence exists regarding active exploitation of CVE-2023-20214.
Successful exploitation of CVE-2023-20214 could allow a remote, unauthenticated threat actor to gain read, and limited write, permissions and subsequently access data.
A security patch for the vulnerability reported on has been released by Cisco. Previous product versions remain vulnerable to potential exploitation.
Containment, Mitigations & Remediations
It is strongly recommended that administrators apply the relevant security update as soon as possible. The vulnerability has been addressed in the following SD-WAN vManage versions:
Indicators of Compromise
No specific Indicators of Compromise (IoCs) are available currently.
Cisco occupies a significant proportion of the enterprise network infrastructure market share. Given that threat actors generally utilise a combination of probability and asset value to determine which attack surfaces to focus on, Cisco products have become a prime target. As Cisco products have become an integral aspect of business operations, threat actors will continue to exploit vulnerabilities contained within the associated products in an attempt to extract the sensitive data contained therein.
No attribution to specific threat actors or groups has been identified at the time of writing.
TA0010 – Exfiltration