Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, is vulnerable to multiple vulnerabilities. The vulnerabilities are tracked as CVE-2023-20034, CVE-2023-20252, CVE-2023-20253, CVE-2023-20254, & CVE-2023-20262, which have medium, high, and critical severities Successful exploitation of the vulnerabilities may allow an attacker to access an affected instance or cause a denial of service (DoS) condition.
The Cisco TAC support team has discovered a critical vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage software. CVE-2023-20214 allows an unauthenticated attacker to retrieve information and send data to the configuration of the affected Cisco vManage instance. The Cisco SD-WAN Solution provides an advanced, software-based solution that lowers … Continue reading “Cisco Releases Patch for SD-WAN vManage Unauthenticated REST API Access Vulnerability (CVE-2023-20214)”