Three vulnerabilities, CVE-2020-3369, CVE-2020-3351, and CVE-2020-3379 in Cisco SD-WAN vEdge Routers have critical Denial of Service (DoS) vulnerability
Cisco SD-WAN vEdge routers form the backbone of many corporate networks. They are essential routing components of the architecture that delivers the essential WAN, security, and multi-cloud capability. Cisco deploys their Cisco SD-WAN vEdge routers as hardware, software, cloud, or virtualized components that sit at the perimeter of a site, such as remote office, branch office, campus, or a data center.
Now it is found that these routers have three critical vulnerabilities that could allow potential hackers to deploy Denial of Service (DoS) attacks. All these vulnerabilities have been issued unique identifiers, viz, CVE-2020-3369, CVE-2020-3351, and CVE-2020-3379. All the three vulnerabilities are critical and have a CVSS score of 7.5/10 to 6.8/10.
CVE-2020-3369 vulnerability: This vulnerability exists in the deep packet inspection (DPI) engine of Cisco SD-WAN vEdge Routers. The flaw could be exploited by potential hackers remotely to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper processing of FTP traffic. Any threat actor could exploit this vulnerability by sending crafted FTP packets through an affected device. A successful exploit could allow the attacker to make the device reboot continuously, causing a DoS condition.
This flaw has a CVSS score of 7.5/10 and resides in multiple Cisco routers and software.
CVE-2020-3351 vulnerability: A vulnerability in the Cisco SD-WAN Solution Software can allow a potential hacker to remotely trigger a denial of service (DoS) attack. The vulnerability is due to improper validation of fields in Cisco SD-WAN peering messages that are encapsulated in UDP packets. Threat actors could exploit this vulnerability by sending specially crafted UDP messages to the targeted system. A successful exploit could allow the potential hackers to cause services on the device to fail, resulting in a DoS condition that could impact the targeted device and other devices that depend on it.
This flaw has a CVSS score of 7.5/10
CVE-2020-3379 vulnerability: This privilege escalation vulnerability in Cisco SD-WAN Solution Software can be exploited by a local hacker to elevate privileges to the administrator on the underlying operating system. The CVE-2020-3379 exists due to insufficient input validation by several Cisco routers. Any potential hacker could exploit this vulnerability by sending a specially crafted request to an affected system. Once the exploit is successful, it could allow threat actors to have administrative privileges of the underlying system.
This vulnerability has a CVSS score of 6.8/10 and resides in following Cisco software and router versions:
- Cisco SD-WAN vBond Orchestrator
- Cisco SD-WAN vEdge 100 Series Routers
- Cisco SD-WAN vEdge 1000 Series Routers
- Cisco SD-WAN vEdge 2000 Series Routers
- Cisco SD-WAN vEdge 5000 Series Routers
- Cisco SD-WAN vEdge Cloud Series Routers
- Cisco SD-WAN vManage
- Cisco SD-WAN vSmart Controller
While there are no workarounds for any of these vulnerabilities, Cisco has issued a fix for all of them and asked their clients to upgrade their systems. The links below are patches from Cisco.
- cisco-sa-sdw-dos-KWOdyHnB: Cisco SD-WAN Solution Software Denial of Service Vulnerability
- cisco-sa-sdscred-HfWWfqBj: Cisco SD-WAN Solution Software Static Credentials Vulnerability
- cisco-sa-vedgfpdos-PkqQrnwV: Cisco SD-WAN vEdge Routers Denial of Service Vulnerability
- cisco-sa-fpdos-hORBfd9f: Cisco SD-WAN vEdge Routers Denial of Service Vulnerability
- cisco-sa-clibypvman-sKcLf2L: Cisco SD-WAN vManage Software Command Injection Vulnerability
- cisco-sa-vmdirtrav-eFdAxsJg: Cisco SD-WAN vManage Software Directory Traversal Vulnerability
- cisco-sa-vmanrce-4jtWT28P: Cisco SD-WAN vManage Software Remote Code Execution Vulnerability