Cisco SD-WAN Denial of Service Vulnerabilities

Vulnerability

A vulnerability in the IPSec tunnel management of Cisco SD-WAN vBond Orchestrator Software, Cisco SD-WAN vEdge Cloud Routers, Cisco SD-WAN vEdge Routers, Cisco SD-WAN vManage Software, and Cisco SD-WAN vSmart Controller Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected system [1]. The vulnerability is due to insufficient bounds checking in the forwarding plane of the IPSec tunnel management functionality. Affected versions include various releases prior to the fixed versions [1].

Exploitation

An attacker does not need authentication or any special network position beyond being able to send IPv4 or IPv6 packets to a vulnerable device [1]. The exploit involves sending specially crafted IPv4 or IPv6 packets to the affected device, which triggers the bounds-checking flaw and causes a DoS condition [1]. No user interaction is required.

Impact

A successful exploit allows the attacker to cause the affected device to reboot or otherwise become unavailable, resulting in a denial of service condition [1]. This impacts availability only; confidentiality and integrity are not directly affected. The DoS can disrupt SD-WAN operations for all downstream traffic.

Mitigation

Cisco has released software updates that address this vulnerability [1]. There are no workarounds that address this vulnerability [1]. Affected users should upgrade to the fixed software versions as indicated in the Cisco Security Advisory [1].