Vulnerabilities that can compromise the security of our devices appear frequently. They affect all types of operating systems, programs, and any platform that we use. Hackers can exploit them to carry out their attacks, hence it is essential to correct the errors. In this article, we report on a series of critical flaws that affect Cisco, allowing an attacker to create administrator accounts and execute commands as root.
New vulnerabilities put Cisco in check
These are critical bugs that affect SD-WAN vManage software and HyperFlex HX. They could allow a hypothetical attacker to take control as if they were an administrator and to execute arbitrary commands.
The company has released updates to correct this problem, so users should update as soon as possible. These vulnerabilities have been classified as high and medium severity precisely because of what we discussed about the possibility of carrying out remote attacks with administrator permissions.
This escalation of privileges could also lead to denial of service on unpatched servers. Although the company has indicated that it has no evidence of an attack taking advantage of these vulnerabilities, the truth is that they can be exploited both remotely and internally.
An attacker could not only carry out code execution remotely but also access and steal confidential information. This is something that could affect both home users and companies and organizations.
These flaws could be exploited locally by authenticated attackers to gain elevated privileges or unauthorized access to a vulnerable application.
The critical Cisco security flaws have been registered as CVE-2021-1497, CVE-2021-1468, and CVE-2021-1505, with scores from 9.1 to 9.8 out of 10. Specifically, they are the following vulnerabilities:
- CVE-2021-1468: Cisco SD-WAN vManage Unauthorized Message Processing Vulnerability
- CVE-2021-1505: Cisco SD-WAN vManage Privilege Escalation Vulnerability
- CVE-2021-1497: Cisco HyperFlex HX Installer Virtual Machine Command Injection Vulnerability
Remember that, as indicated by Cisco, these flaws only affect software that operates in a cluster.
How To Correct This Problem
The company itself indicates that customers can check whether the software is operating in cluster mode. To do this, go to Administration > Cluster Management in the Cisco SD-WAN vManage web-based management interface.
Keep in mind that this is not the first problem of this type that we have seen in recent months. Vulnerabilities may appear that are exploited by attackers, as we see, hence the importance of always keeping equipment updated. We use many devices. We have already seen that there are differences between a router and an access point, but you always have to install the latest versions.
Therefore, there is no better way to correct this problem, and other similar vulnerabilities that may appear, than to always keep systems and devices on the latest versions. We will not only improve performance but also fix security issues that may arise. The objective is to prevent the entry of intruders that could compromise us.