Connect with us

Hi, what are you looking for?



Critical Cisco SD-WAN Vulnerability Leads to Information Leaks

A critical vulnerability in the Cisco SD-WAN vManage software could allow unauthenticated attackers to retrieve information from vulnerable instances.

A remotely-exploitable critical vulnerability in the Cisco SD-WAN vManage software could allow unauthenticated attackers to retrieve information from vulnerable instances.

Tracked as CVE-2023-20214 (CVSS score of 9.1), the vulnerability exists because the REST API feature of vManage does not sufficiently validate requests.

The vManage API allows administrators to configure, control, and monitor Cisco devices over the network.

An attacker could trigger the vulnerability by sending a crafted API request to a vulnerable instance, to retrieve information from vManage, or send information to it.

“A vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to gain read permissions or limited write permissions to the configuration of an affected Cisco SD-WAN vManage instance,” Cisco explains in an advisory.

The web-based management interface and the CLI are not impacted by this security defect, the tech giant explains.

To hunt for attempts to access the REST API, administrators are advised to examine a log file. The existence of requests in the log, however, does not indicate unauthorized access, Cisco explains.

Advertisement. Scroll to continue reading.

The tech giant notes that, while there are no workarounds to address this bug, implementing access control lists (ACLs) to limit vManage access mitigates the issue.

“In cloud hosted deployments, access to vManage is limited by ACLs that contain permitted IP addresses. Network administrators should review and edit the permitted IP addresses in the ACLs. In on-premises deployments, vManage access can be limited in a similar way by using ACLs and configuring permitted IP addresses,” Cisco explains.

The vulnerability has been addressed with the release of SD-WAN vManage versions,,,,, and Versions 18.3 to are not affected. Customers using SD-WAN vManage versions 20.7 and 20.8 are advised to migrate to a patched version.

Cisco’s security team says it is not aware of this vulnerability being exploited in attacks.

Related: Vulnerability in Cisco Enterprise Switches Allows Attackers to Modify Encrypted Traffic

Related: PoC Exploit Published for Cisco AnyConnect Secure Vulnerability

Related: Cisco Patches Critical Vulnerability in Enterprise Collaboration Solutions

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...


Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.