Cisco issues eight separate security advisories alerting customers to array of vulnerabilities

Cisco has released security advisories amid the discovery of vulnerabilities affecting a slew of products across its portfolio. 

The vulnerabilities disclosed by Cisco vary in severity and include flaws spanning Cisco’s Catalyst SD-WAN Manager line and in the web UI of Cisco IOS XE Software.

The most serious of the issues raised in the eight separate security advisories was the set of vulnerabilities in the firm’s Catalyst SD-WAN manager. 

Among the five flaws identified by Cisco was CVE-2023-20252, an authorized access vulnerability given a near-maximum CVSS score of 9.8.

This vulnerability affects the security assertion markup language (SAML) APIs of the SD-WAN Manager, which Cisco said could enable an unauthenticated, remote attacker to “gain unauthorized access to the application as an arbitrary user”.

“This vulnerability is due to improper authentication checks for SAML APIs,” Cisco said in its security notice. “An attacker could exploit this vulnerability by sending requests directly to the SAML APIs. A successful exploit could allow the attacker to generate an authorization token sufficient to access the application.” 

Cisco said it has released a patch that remediates the vulnerability, and warned customers there are no current workarounds to address the flaw. 

The firm also reiterated that the vulnerability was isolated to this product line, adding that other products including SD-WAN cEdge Routers and SD-WAN vEdge Routers are not affected.  

A separate vulnerability in SD-WAN flagged by Cisco, tracked as CVE-2023-20253, could also allow an attacker with read-only privileges to bypass authorization and “rollback controller configurations”, the firm said. 

Attackers could deploy this configuration rollback to downstream routers, Cisco warned. 

All flaws relating to its SD-WAN manager have also been addressed, Cisco confirmed. 

Each of the other seven products that have received security advisories is impacted by their own product-specific flaws, many of which were given ‘high’ severity ratings.

A complete list of affected products can be found below:

• Cisco IOS XE Software Web UI
• Cisco IOS XE Software for ASR 1000 Series Aggregation Services Routers
• Cisco IOS XE Software Layer 2 Tunneling Protocol
• Cisco DNA Center API Insufficient Access Control
• Cisco IOS XE Software for Catalyst 3650 and Catalyst 3850 Series Switches
• Cisco IOS XE Software Application Quality of Experience and Unified Threat Defense
• Cisco IOS and IOS XE Software 

Cisco router vulnerabilities

The flurry of security updates for Cisco comes in the wake of a joint advisory over ongoing threats to the firm’s router firmware. 

An advisory earlier this week from the NSA, FBI, CISA, and Japan’s NISC security agency warned that a Chinese-linked threat group had been observed modifying firmware on Cisco routers to target US and Japanese organizations. 

The group, known as ‘BlackTech’, was found to have specifically targeted routers at divisional branch offices to gain a deeper foothold in corporate networks. 

Cisco issued an update to customers in the wake of the advisory, advising that recorded attacks involved stolen - or weak - admin credentials. 

The firm reassured customers that there was no evidence of vulnerabilities being actively exploited.