Cisco plugs serious flaws in Policy Suite, SD-WAN, and Nexus switches

Cisco has issued another batch of fixes, plugging a number of critical and high severity holes in its Policy Suite, SD-WAN, and Nexus products.

Cisco Policy Suite vulnerabilities

Users of the Cisco Policy Suite should upgrade to Release 18.2.0 as soon as possible, as it implements fixes for four critical vulnerabilities:

  • A vulnerability (CVE-2018-0376) in the Policy Builder interface of the Suite that could be exploited by an unauthenticated, remote attacker to access the Policy Builder interface, make changes to existing repositories, and create new repositories.
  • A vulnerability (CVE-2018-0377) in the Open Systems Gateway initiative (OSGi) interface of the Suite that could be exploited by an unauthenticated, remote attacker to access or change any files that are accessible to the OSGi process.
  • A vulnerability (CVE-2018-0374) in the Policy Builder database of the Suite that could be exploited by an unauthenticated, remote attacker to access and change any data in the Policy Builder database.
  • A vulnerability (CVE-2018-0375) in the Cluster Manager of the Suite that could allow an unauthenticated, remote attacker to log in to an affected system using the root account, which has default, static user credentials, and to execute arbitrary commands as the root user.

The good news is that all of these flaws were found during internal security testing, and the Cisco PSIRT is not aware of any public announcements or malicious use of any of these vulnerabilities.

Cisco SD-WAN solution and Nexus switches

The Cisco SD-WAN Solution – a cloud-delivered overlay WAN architecture for enterprises – is affected by a number of high-severity flaws that range from remote code execution and command injection to denial of service and arbitrary file overwrite.

Users of the vBond Orchestrator Software, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software, and the various series of vEdge routers should check which Cisco SD-WAN release they are running. If it is a release prior to 18.3.0, they should upgrade to that version, as there are no workarounds available for any of these vulnerabilities.

Finally, Cisco Nexus 9000 Series Fabric Switches in ACI Mode running software version 13.0(1k) should be updated to version 13.0(2k) or later to plug a denial of service flaw that was discovered during the resolution of a Cisco Technical Assistance Center (TAC) support case.
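The three "check your release and upgrade" steps above (Policy Suite below 18.2.0, SD-WAN below 18.3.0, Nexus 9000 ACI below 13.0(2k)) can be run against a device inventory in one pass. The following is an added example, not Cisco's code or tooling: the fixed releases are the ones named in this article, while the inventory, hostnames, product labels and the version-parsing logic are constructed for the example. It assumes that any release older than the fixed release is affected; the Cisco advisories remain the authority on exactly which releases are vulnerable.

```python
import re
from typing import List, Tuple

# Fixed releases named in the advisories summarised in this article.
# Product labels are constructed keys for this example, not Cisco PIDs.
FIXED_RELEASE = {
    "Cisco Policy Suite": "18.2.0",
    "Cisco SD-WAN": "18.3.0",
    "Nexus 9000 ACI": "13.0(2k)",
}

# Cisco version strings mix dotted numerics ("18.2.0") with the NX-OS/ACI
# style "13.0(1k)"; dots and parentheses are only separators here.
_TOKEN = re.compile(r"\d+|[A-Za-z]+")


def parse_version(ver: str) -> Tuple:
    """Turn '18.2.0' or '13.0(1k)' into a tuple that compares correctly.

    Numeric tokens compare numerically; a letter suffix such as the 'k' in
    '13.0(1k)' sorts after the number it follows, so 13.0(1) < 13.0(1k).
    """
    parts = []
    for tok in _TOKEN.findall(ver):
        parts.append((0, int(tok)) if tok.isdigit() else (1, tok.lower()))
    return tuple(parts)


def is_vulnerable(product: str, running: str) -> bool:
    """True when the running release is older than the fixed release (assumption: everything older is affected)."""
    return parse_version(running) < parse_version(FIXED_RELEASE[product])


def triage(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str]]:
    """Return the (hostname, product, version) entries that still need an upgrade."""
    return [(h, p, v) for h, p, v in inventory if is_vulnerable(p, v)]


# Constructed sample inventory: hostnames and running versions are made up.
SAMPLE_INVENTORY = [
    ("cps-01", "Cisco Policy Suite", "18.1.0"),
    ("cps-02", "Cisco Policy Suite", "18.2.0"),
    ("vmanage-01", "Cisco SD-WAN", "18.2.0"),
    ("vedge-07", "Cisco SD-WAN", "18.3.0"),
    ("n9k-leaf-1", "Nexus 9000 ACI", "13.0(1k)"),
    ("n9k-leaf-2", "Nexus 9000 ACI", "13.0(2k)"),
    ("n9k-spine-1", "Nexus 9000 ACI", "13.1(1i)"),
]

if __name__ == "__main__":
    for host, product, ver in triage(SAMPLE_INVENTORY):
        print(f"{host}: {product} {ver} is below {FIXED_RELEASE[product]}, upgrade")
```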

Cisco says that there are no known instances of the flaw being exploited in the wild, but it has provided indicators of compromise that administrators should be on the lookout for.