Cisco Bug That Permits Attackers to Create Admin Controls, Run Commands as Root!

Cisco has fixed critical security bugs in its SD-WAN vManage and HyperFlex HX software that permit remote attackers to run commands as root and create admin controls.

The company has also released security updates addressing medium- and high-severity vulnerabilities in multiple software products that may allow attackers to run arbitrary code remotely, trigger a DoS attack, or escalate privileges on vulnerable servers.

However, Cisco's PSIRT team said that it was not aware of these vulnerabilities being actively exploited in the wild.

Which Vulnerabilities Can Be Exploited to Execute Code?

Cisco has fixed vulnerabilities in the Cisco SD-WAN vManage software that permit an attacker to execute arbitrary code and obtain confidential data from remote servers.

The vulnerabilities can also be exploited locally by attackers who already hold privileges or are authenticated, giving them unauthorized access to the software to carry out the attack.

The Cisco HyperFlex HX command injection bug, meanwhile, lets remote attackers target the servers by injecting commands on them. In both cases, the vulnerabilities can be successfully exploited on their own, and the bugs found do not depend on one another.

Vulnerabilities Discovered Do Not Need Any Authentication

The three security vulnerabilities that Cisco rated as critical are:

  • CVE-2021-1468: Identified as Cisco SD-WAN vManage Cluster-Mode Unauthorized Message Processing Vulnerability
  • CVE-2021-1497: Known as Cisco HyperFlex HX Installer Virtual Machine Command Injection Vulnerability
  • CVE-2021-1505: Cisco SD-WAN vManage Cluster-Mode Privilege Escalation Vulnerability

The company said that the critical SD-WAN vManage bug only affects software that is operating in a cluster. Users can verify whether the software is operating in cluster mode by checking the Administration > Cluster Management view in the Cisco SD-WAN vManage web-based management interface.

These bugs can be exploited in low-level attacks that don't need any authentication or user interaction. The company also identified another critical pre-authentication remote code execution vulnerability impacting SD-WAN vManage that lets attackers gain root access on the operating system.

The company also patched a pre-authentication Cisco SD-WAN RCE vulnerability that permits attackers to execute arbitrary code with non-root privileges, along with two or more critical bugs that were fixed in July 2020.
