Advisory No: TZCERT/SA/2023/07/14-03

Date of First Release: 14^th July 2023

Source: Cisco

Software Affected: Cisco SD-WAN vManage software

Overview:

Cisco has released security patches to address a critical vulnerability affecting Cisco SD-WAN vManage software. The vulnerability could allow an attacker to attain unauthenticated access to REST API.

Description:

Cisco SD-WAN vManage is affected with an authentication vulnerability in its REST API. This is the result of insufficient request validation when using REST API feature. The vulnerability allows unauthenticated remote attacker to read or write to the configuration of the affected vManage instance.

Impact:

Successful exploitation of this vulnerability may allow the attacker to retrieve information from and send information to the configuration of the affected Cisco vManage instance.

Solution:

Cisco has released patches for this vulnerability. Users and administrators are encouraged to apply necessary updates.

References:

1. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-unauthapi-sphCLYPA
2. https://www.itnews.com.au/news/cisco-sd-wan-api-vulnerability-patched-597922

Aruba Networks has released security updates to address vulnerabilities in ArubaOS. Exploitation of these vulnerabilities may allow an attacker to take control of affected system.

Users and administrators are encouraged to review Aruba Networks Security Advisory and apply necessary updates.

F5 has released security updates to address vulnerabilities in BIG-IP. Exploitation of these vulnerabilities may allow an attacker to access to sensitive information.

Users and administrators are encouraged to review F5 Security Advisory and apply necessary updates.

Cisco has released security updates to address vulnerabilities in Cisco SD-WAN vManage, Cisco Secure Email and Cisco Secure Web Appliance. Exploitation of these vulnerabilities may allow an attacker to escalated privilege.

Users and administrators are encouraged to review Cisco Security Advisories cisco-sa-vmanage-unauthapi and cisco-sa-esa-sma-wsa-xss and apply necessary updates.

Wordfence has released security updates to address vulnerabilities in multiple WordPress plugin. Exploitation of these vulnerabilities may allow an attacker to take control of affected system.

Users and administrators are encouraged to review Wordfence Security Advisories mailarchiver-2101, sp-project-document-manager-467, super-socializer-71353, all-in-one-wp-security-519, kb-support-1588 and post-smtp-257 and apply necessary updates.