Cisco Urges Admins to Fix IOS Software Zero-Day Exploited in Attacks
Cyber Security Threat Summary:
Multiple vulnerabilities have been identified in Cisco Catalyst SD-WAN Manager (formerly Cisco SD-WAN vManage). These vulnerabilities could potentially allow attackers to access an affected instance or cause a denial of service (DoS) condition on the affected system. Cisco has taken action to address these vulnerabilities through software updates. "Although exploiting this vulnerability demands significant access to the target environment, threat actors have already initiated attacks, as reported by the company in the same advisory. Cisco identified attempted exploitation of the GET VPN feature during a technical code review as part of their internal investigation. The advisory emphasizes the importance of customers upgrading to a fixed software release to address this vulnerability. Furthermore, on Wednesday, Cisco released security patches to address a critical vulnerability in the Security Assertion Markup Language (SAML) APIs within the Catalyst SD-WAN Manager network management software."
Security Officer Comments:
These vulnerabilities in Cisco Catalyst SD-WAN Manager could pose significant security risks to organizations using the platform. Access to the affected instance or a DoS attack could result in service disruptions and potential data breaches. Cisco's prompt release of software updates is a positive step towards mitigating these risks.
Organizations using Cisco Catalyst SD-WAN Manager should prioritize the installation of the provided software updates to ensure their systems are protected against these vulnerabilities. It's important to stay informed about security advisories and take action promptly to maintain a secure network environment.
Suggested Correction(s):
The primary mitigation for these vulnerabilities is to apply the software updates released by Cisco. There are no identified workarounds to address these vulnerabilities. To ensure the security of Cisco Catalyst SD-WAN Manager:
Link(s):
https://www.bleepingcomputer.com/
https://sec.cloudapps.cisco.com/