Cisco addressed a high-severity OS command-injection vulnerability, tracked as CVE-2021-1529, in Cisco SD-WAN that could allow privilege escalation and lead to arbitrary code execution.
Cisco SD-WAN is a cloud-delivered overlay WAN architecture that enables digital and cloud transformation at enterprises, it allows to connect disparate office locations via the cloud.
An authenticated, local attacker can exploit the CVE-2021-1529 vulnerability to execute arbitrary commands with root privileges. The CVE-2021-1529 received a CVSS score of 7.8,
“The vulnerability is due to insufficient input validation by the system CLI. An attacker could exploit this vulnerability by authenticating to an affected device and submitting crafted input to the system CLI. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges.” reads the advisory published by the IT giant.
Cisco has released software updates to address this flaw, the company pointed out that there are no workarounds that fix this issue.
The Cisco PSIRT is not aware of attacks in the wild exploiting this vulnerability.
The US Cybersecurity and Infrastructure Security Agency (CISA) also published a security advisory for this flaw that urge organizations to address this vulnerability.
“CISA encourages users and administrators to review Cisco Advisory cisco-sa-sd-wan-rhpbE34A and apply the necessary updates.” states CISA’s advisory.
(SecurityAffairs – hacking, Cisco SD-WAN)