SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Critical Cisco SD-WAN Vulnerability Leads to Information Leaks

A critical vulnerability in the Cisco SD-WAN vManage software could allow unauthenticated attackers to retrieve information from vulnerable instances.

A remotely-exploitable critical vulnerability in the Cisco SD-WAN vManage software could allow unauthenticated attackers to retrieve information from vulnerable instances.

Tracked as CVE-2023-20214 (CVSS score of 9.1), the vulnerability exists because the REST API feature of vManage does not sufficiently validate requests.

The vManage API allows administrators to configure, control, and monitor Cisco devices over the network.

An attacker could trigger the vulnerability by sending a crafted API request to a vulnerable instance, to retrieve information from vManage, or send information to it.

“A vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to gain read permissions or limited write permissions to the configuration of an affected Cisco SD-WAN vManage instance,” Cisco explains in an advisory.

The web-based management interface and the CLI are not impacted by this security defect, the tech giant explains.

Advertisement. Scroll to continue reading.

To hunt for attempts to access the REST API, administrators are advised to examine a log file. The existence of requests in the log, however, does not indicate unauthorized access, Cisco explains.

The tech giant notes that, while there are no workarounds to address this bug, implementing access control lists (ACLs) to limit vManage access mitigates the issue.

“In cloud hosted deployments, access to vManage is limited by ACLs that contain permitted IP addresses. Network administrators should review and edit the permitted IP addresses in the ACLs. In on-premises deployments, vManage access can be limited in a similar way by using ACLs and configuring permitted IP addresses,” Cisco explains.

The vulnerability has been addressed with the release of SD-WAN vManage versions 20.6.3.4, 20.6.4.2, 20.6.5.5, 20.9.3.2, 20.10.1.2, and 20.11.1.2. Versions 18.3 to 20.6.3.2 are not affected. Customers using SD-WAN vManage versions 20.7 and 20.8 are advised to migrate to a patched version.

Cisco’s security team says it is not aware of this vulnerability being exploited in attacks.

Related: Vulnerability in Cisco Enterprise Switches Allows Attackers to Modify Encrypted Traffic

Related: PoC Exploit Published for Cisco AnyConnect Secure Vulnerability

Related: Cisco Patches Critical Vulnerability in Enterprise Collaboration Solutions

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

More from

Latest News

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Webinar: Why Email Security Keeps Failing (And What Has to Change)
July 8, 2026

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

Virtual Event: 2026 Cloud Security Summit
July 16, 2026

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

Mark Carter has been appointed Chief Information Security Officer at Socure.

Spektrum Labs has named Mark Cravotta Chief Operating Officer.

Philip Martin has joined Uber as Chief Information Security Officer.

More People On The Move

Expert Insights

No Exploits Required

Four decades of incident response experience suggest that exploits are often the symptom, not the root cause, of today’s cybersecurity failures.

Popular Topics

Security Community

Stay Intouch

About SecurityWeek

News Tips

Got a confidential news tip? We want to hear from you.

Submit Tip

Advertising

Reach a large audience of enterprise cybersecurity professionals

Contact Us

Daily Briefing Newsletter

Subscribe to the SecurityWeek Daily Briefing and get the latest content delivered to your inbox.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.