Advisory No: TZCERT/SA/2023/09/28
Date of First Release: 28th September 2023
Software Affected: Cisco Catalyst SD-WAN Manager
Multiple independent vulnerabilities have been identified to affect multiple components in a Cisco device. These independent vulnerabilities which do not require exploitation of another vulnerability to be exploited may allow an attacker to compromise the confidentiality and availability of the affected system.
CVE-2023-20252: A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain unauthorized access to the application as an arbitrary user.
CVE-2023-20253: A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager could allow an authenticated, local attacker with read-only privileges to bypass authorization and roll back controller configurations, which could then be deployed to the downstream routers.
CVE-2023-20034: A vulnerability in the access control implementation for Elasticsearch could allow the attacker to view the Elasticsearch database content as the Elasticsearch user.
CVE-2023-20254: A vulnerability in the session management system of the Cisco Catalyst SD-WAN Manager multi-tenant due to insufficient user session management allowing the attacker to access information about another tenant, make configuration changes, or possibly take a tenant offline and cause a DoS condition.
CVE-2023-20262: A vulnerability in the SSH service of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to cause a process crash, resulting in a DoS condition for SSH access only.
Successful exploitation of this vulnerability may allow the attacker to gain unauthorized access or cause a denial of service (DoS) condition.
Cisco has released patches for these vulnerabilities. Users and administrators are encouraged to apply all necessary updates.