Cisco SD-WAN Denial of Service Vulnerabilities

Vulnerability

CVE-2021-1278 describes multiple denial-of-service (DoS) vulnerabilities in Cisco SD-WAN products, including vEdge Routers, vBond Orchestrator Software, vEdge Cloud Routers, vManage Software, and vSmart Controller Software [1]. The vulnerabilities are not dependent on one another. One flaw (CVE-2021-1241) exists in VPN tunneling features due to insufficient handling of malformed packets. Another (CVE-2021-1273) affects IPSec tunnel management due to improper bounds checking in the forwarding plane [1]. These issues affect multiple software releases across the Cisco SD-WAN product family [1].

Exploitation

An unauthenticated, remote attacker can exploit these vulnerabilities by sending crafted packets to an affected device [1]. For the VPN tunneling vulnerability, the attacker sends malformed packets through the device. For the IPSec vulnerability, the attacker sends crafted IPv4 or IPv6 packets to the IPSec tunnel management functionality. No user interaction or prior authentication is required [1].

Impact

Successful exploitation causes the affected device to reboot, resulting in a denial-of-service (DoS) condition [1]. This can disrupt network operations and services relying on the SD-WAN infrastructure. The CVSS base score for CVE-2021-1241 is 8.6 (High) with vector AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H, indicating high availability impact with no confidentiality or integrity impact [1].

Mitigation

Cisco has released software updates that address these vulnerabilities. Affected users should upgrade to the latest fixed software version as indicated in the Cisco Security Advisory [1]. There are no workarounds that address these vulnerabilities [1]. No known exploitation in the wild (KEV) has been reported for these CVEs.