Cisco SD-WAN vEdge Routers Denial of Service Vulnerability

Vulnerability

The deep packet inspection (DPI) engine in Cisco SD-WAN vEdge Routers improperly processes FTP traffic. This vulnerability, identified as CVE-2020-3369, affects devices running affected software versions. An unauthenticated, remote attacker can exploit this by sending crafted FTP packets through the device. The issue is documented in Cisco Security Advisory [1].

Exploitation

An attacker does not require authentication or prior access. The attacker sends specially crafted FTP packets that traverse the affected vEdge router. The DPI engine mishandles these packets, leading to a condition that causes the device to reboot continuously. No user interaction is needed.

Impact

Successful exploitation results in a denial of service (DoS) condition. The device enters a continuous reboot cycle, disrupting network services. The impact is limited to availability; no data confidentiality or integrity is compromised.

Mitigation

Cisco has released free software updates to address this vulnerability. Customers should upgrade to the fixed software version as indicated in the Cisco Security Advisory [1]. No workarounds are mentioned. Customers without service contracts should contact Cisco TAC for assistance.