
====================================================================

CERT-Renater

Information Note No. 2020/VULN434
_____________________________________________________________________

DATE : 31/07/2020

HARDWARE PLATFORM(S): Cisco

OPERATING SYSTEM(S): Cisco SD-WAN Solution Software

=====================================================================
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdbufof-h5f5VSeL
_____________________________________________________________________


    Summary

    A vulnerability in Cisco SD-WAN Solution Software could allow an
    unauthenticated, remote attacker to cause a buffer overflow on an
    affected device.

    The vulnerability is due to insufficient input validation. An
    attacker could exploit this vulnerability by sending crafted traffic
    to an affected device. A successful exploit could allow the attacker
    to gain access to information that they are not authorized to
    access, make changes to the system that they are not authorized to
    make, and execute commands on an affected system with privileges of
    the root user.

    Cisco has released software updates that address this vulnerability.
    There are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdbufof-h5f5VSeL


    Affected Products


        Vulnerable Products

    This vulnerability affects the following Cisco products if they are
    running a vulnerable release of Cisco SD-WAN Solution Software:

      o IOS XE SD-WAN Software
      o SD-WAN vBond Orchestrator Software
      o SD-WAN vEdge Cloud Routers
      o SD-WAN vEdge Routers
      o SD-WAN vManage Software
      o SD-WAN vSmart Controller Software

    For information about which Cisco software releases are vulnerable,
    see the Fixed Software
    <https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdbufof-h5f5VSeL#fs> section
    of this advisory.


        Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products
    <https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdbufof-h5f5VSeL#vp> section
    of this advisory are known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect the
    following Cisco products:

      o Adaptive Security Appliance (ASA) Software
      o IOS Software
      o IOS XE Software
      o NX-OS Software


    Workarounds

    There are no workarounds that address this vulnerability.


    Fixed Software

    Cisco has released free software updates that address the
    vulnerability described in this advisory. Customers may only install
    and expect support for software versions and feature sets for which
    they have purchased a license. By installing, downloading,
    accessing, or otherwise using such software upgrades, customers
    agree to follow the terms of the Cisco software
    license: https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

    Additionally, customers may only download software for which they
    have a valid license, procured from Cisco directly, or through a
    Cisco authorized reseller or partner. In most cases this will be a
    maintenance upgrade to software that was previously purchased. Free
    security software updates do not entitle customers to a new software
    license, additional software feature sets, or major revision upgrades.

    When considering software upgrades
    <https://tools.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes>,
    customers are advised to regularly consult the advisories for Cisco
    products, which are available from the Cisco Security Advisories and
    Alerts page <https://www.cisco.com/go/psirt>, to determine exposure
    and a complete upgrade solution.

    In all cases, customers should ensure that the devices to be
    upgraded contain sufficient memory and confirm that current hardware
    and software configurations will continue to be supported properly
    by the new release. If the information is not clear, customers are
    advised to contact the Cisco Technical Assistance Center (TAC) or
    their contracted maintenance providers.


          Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco
    service contract and customers who make purchases through
    third-party vendors but are unsuccessful in obtaining fixed software
    through their point of sale should obtain upgrades by contacting the
    Cisco
    TAC: https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be
    prepared to provide the URL of this advisory as evidence of
    entitlement to a free upgrade.


          Fixed Releases

    Customers are advised to upgrade to an appropriate fixed software
    release as indicated in the following table(s):

    *SD-WAN vManage Software*

    Cisco SD-WAN vManage Software Release    First Fixed Release
    18.3.0                                   Migrate to a fixed release.
    18.4.0                                   18.4.5
    19.2.0                                   19.2.3
    19.3.0                                   Migrate to a fixed release.
    20.1.0                                   20.1.1

    *SD-WAN vEdge, vBond, and vSmart Software*

    Cisco SD-WAN vEdge, vBond, and vSmart Software Releases    First Fixed Release
    18.3.0                                                     Migrate to a fixed release.
    18.4.0                                                     18.4.5
    19.2.0                                                     19.2.3
    19.3.0                                                     Migrate to a fixed release.
    20.1.0                                                     20.1.1

    *IOS XE SD-WAN Software*

    Cisco IOS XE SD-WAN Software Release    First Fixed Release
    16.9                                    Migrate to a fixed release.
    16.10                                   Migrate to a fixed release.
    16.11                                   Migrate to a fixed release.
    16.12                                   16.12.4
    17.2                                    17.2.1r
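
    An added example, not part of the Cisco advisory: a check that maps a
    running vManage, vEdge, vBond or vSmart release to the first fixed
    release in the tables above. It assumes that a row such as "18.4.0"
    covers the whole 18.4.x train and that releases at or above the first
    fixed release in a train carry the fix; the IOS XE SD-WAN table is
    left out because its releases carry letter suffixes.

```python
import re

# First fixed release per train, transcribed from the advisory's vManage and
# vEdge/vBond/vSmart tables (same values in both). None means the table says
# "Migrate to a fixed release", i.e. no fix exists within that train.
# Assumption: a row such as "18.4.0" covers the whole 18.4.x train.
FIRST_FIXED = {
    (18, 3): None,
    (18, 4): (18, 4, 5),
    (19, 2): (19, 2, 3),
    (19, 3): None,
    (20, 1): (20, 1, 1),
}

def parse_release(text):
    """Turn '18.4.10' into (18, 4, 10); reject anything not dotted-numeric."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){2,}", text):
        raise ValueError(f"unrecognised release string: {text!r}")
    return tuple(int(part) for part in text.split("."))

def assess(release):
    """Return (status, action) for one running release."""
    version = parse_release(release)
    train = version[:2]
    if train not in FIRST_FIXED:
        return ("unknown", "train not listed in the tables; consult the Cisco advisory")
    fixed = FIRST_FIXED[train]
    if fixed is None:
        return ("vulnerable", "migrate to a fixed release")
    if version < fixed:  # numeric tuple compare, so 18.4.10 sorts after 18.4.5
        return ("vulnerable", "upgrade to " + ".".join(map(str, fixed)))
    return ("fixed", "no action needed for this advisory")

def audit(inventory):
    """Map each device name to its (status, action)."""
    return {name: assess(release) for name, release in inventory.items()}

# Constructed sample inventory (device names and releases are made up).
SAMPLE_INVENTORY = {
    "vmanage-1": "19.2.2",
    "vsmart-1": "18.4.10",
    "vbond-1": "19.3.0",
    "vedge-1": "20.1.1",
    "vedge-2": "17.2.8",
}

if __name__ == "__main__":
    for name, (status, action) in audit(SAMPLE_INVENTORY).items():
        print(f"{name:10} {status:10} {action}")
```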


    Exploitation and Public Announcements

    The Cisco Product Security Incident Response Team (PSIRT) is not
    aware of any public announcements or malicious use of the
    vulnerability that is described in this advisory.


    Source

    This vulnerability was found during internal security testing by
    James Spadaro of the Cisco Advanced Security Initiatives Group (ASIG).


    URL

    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdbufof-h5f5VSeL


    Revision History

    Version  Description                      Section         Status  Date
    1.0      Initial public release.          —               Final   2020-JUL-29
    1.2      Updated Fixed Software section.  Fixed Software  Final   2020-JUL-29


------------------------------------------------------------------------


    LEGAL DISCLAIMER

    THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
    KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
    MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
    INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
    AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
    DOCUMENT AT ANY TIME.

    A standalone copy or paraphrase of the text of this document that
    omits the distribution URL is an uncontrolled copy and may lack
    important information or contain factual errors. The information in
    this document is intended for end users of Cisco products.



======================================================================================



=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================





