Cisco Tackles Root Privilege Vulnerability in SD-WAN Software (Mar 19, 2020)
Cisco employees are actively patching three root escalation vulnerabilities in software-defined wide area network (SD-WAN) software that are due to insufficient input validation. SD-WAN is a virtual architecture used to manage large-scale networks effectively, and these exploits will result in compromised systems. The first vulnerability is tracked as “CVE-2020-3264” and, if leveraged, can result in buffer overflows that leak sensitive data. The second vulnerability is “CVE-2020-3265”, which will allow privilege escalation by sending crafted requests to compromised systems. The final exploit is referred to as “CVE-2020-3266”; it will allow threat actors to inject arbitrary commands into systems.
Recommendation: The security update should be applied as soon as possible because of the high criticality rating of these vulnerabilities and the potential for an actor to take control of an affected system or exfiltrate sensitive data. Additionally, your company should have policies in place to review and apply security updates for software in use to protect against known vulnerabilities that threat actors may exploit.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.