A huge collection of 3400+ free website templates JAR theme com WP themes and more at the biggest community-driven free web design site
Home / security-advisories / Cisco SD-WAN vManage Unauthenticated REST API Access Vulnerability (CVE-2023-20214)

Cisco SD-WAN vManage Unauthenticated REST API Access Vulnerability (CVE-2023-20214)

Advisory No: TZCERT/SA/2023/07/14-03

Date of First Release: 14th July 2023

Source: Cisco

Software Affected: Cisco SD-WAN vManage software

Overview:

Cisco has released security patches to address a critical vulnerability affecting Cisco SD-WAN vManage software. The vulnerability could allow an attacker to attain unauthenticated access to REST API.

Description:

Cisco SD-WAN vManage is affected with an authentication vulnerability in its REST API. This is the result of insufficient request validation when using REST API feature. The vulnerability allows unauthenticated remote attacker to read or write to the configuration of the affected vManage instance.

Impact:

Successful exploitation of this vulnerability may allow the attacker to retrieve information from and send information to the configuration of the affected Cisco vManage instance.

Solution:

Cisco has released patches for this vulnerability. Users and administrators are encouraged to apply necessary updates.

References:

  1. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-unauthapi-sphCLYPA
  2. https://www.itnews.com.au/news/cisco-sd-wan-api-vulnerability-patched-597922

Check Also

Remote Code Execution Vulnerabilities in IBM Operational Decision Manager, and IBM i Modernization Engine for Lifecycle Integration (CVE-2019-19919, CVE-2019-12384)

Advisory No: TZCERT/SA/2024/05/17-6 Date of First Release: 17th May 2024 Source: IBM Software Affected: IBM …