Unrated severity · NVD Advisory · Published Sep 23, 2021 · Updated Nov 7, 2024

Cisco SD-WAN Software Information Disclosure Vulnerability

CVE-2021-1546

Description

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information. This vulnerability is due to improper protections on file access through the CLI. An attacker could exploit this vulnerability by running a CLI command that targets an arbitrary file on the local system. A successful exploit could allow the attacker to return portions of an arbitrary file, possibly resulting in the disclosure of sensitive information.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Authenticated local attacker can read arbitrary files on Cisco SD-WAN Software via a CLI command, leading to information disclosure.

Vulnerability

An authenticated, local attacker can exploit an improper file access protection mechanism in the Cisco SD-WAN Software CLI to read arbitrary files on the system. The vulnerability stems from insufficient restrictions on file access through CLI commands, allowing a user with local access to target any file on the local filesystem. Affected versions include Cisco SD-WAN Software releases 18.4, 19.2, 20.3 (fixed in 20.3.5), 20.4 (fixed in 20.4.2), 20.5 (fixed in 20.5.2), and 20.6 (fixed in 20.6.1) [1].

Exploitation

An attacker must have authenticated access to the CLI of an affected Cisco SD-WAN device. No special privileges beyond standard user-level authentication are required. The attacker simply runs a specially crafted CLI command that specifies the path to an arbitrary file on the local system, bypassing intended access controls [1].

Impact

Successful exploitation allows the attacker to read portions of any file on the local system, potentially leading to the disclosure of sensitive information such as configuration files, credentials, or other confidential data. The attacker does not gain write or execute capabilities, but the information disclosure could be leveraged for further attacks [1].

Mitigation

Cisco has released fixed software versions: 20.3.5, 20.4.2, 20.5.2, and 20.6.1. For releases 18.4 and 19.2, Cisco recommends migrating to a fixed release. Customers should consult the Cisco Security Advisory and the associated bug ID for the most current information [1]. As of publication, no workaround is listed.
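An added example (not part of the advisory or of any Cisco tooling): a release check against the fixed-version list above, for auditing a device inventory. It assumes release strings are dotted numerics such as `20.3.4`; the hostnames and sample releases are constructed, and release trains this page does not mention are reported as `not-listed` rather than guessed.

```python
import re

# Fixed release per train, copied from the advisory text above.
# None means the page lists no fix in that train (migrate to a fixed release).
FIXED_BY_TRAIN = {
    (18, 4): None,
    (19, 2): None,
    (20, 3): (20, 3, 5),
    (20, 4): (20, 4, 2),
    (20, 5): (20, 5, 2),
    (20, 6): (20, 6, 1),
}

def parse_release(text):
    """Parse '20.3.4', '20.3.4.1' or '20.4' into a tuple of ints."""
    m = re.fullmatch(r"\s*(\d+(?:\.\d+){1,3})\s*", text)
    if not m:
        raise ValueError(f"unrecognised release string: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))

def classify(release):
    """Return 'fixed', 'vulnerable', 'migrate' or 'not-listed' for one release."""
    ver = parse_release(release)
    train = ver[:2]
    if train not in FIXED_BY_TRAIN:
        return "not-listed"  # the page makes no statement about this train
    fixed = FIXED_BY_TRAIN[train]
    if fixed is None:
        return "migrate"
    # Pad so '20.4' compares as 20.4.0 and '20.3.5.1' compares above 20.3.5.
    width = max(len(ver), len(fixed))
    pad = lambda v: v + (0,) * (width - len(v))
    return "fixed" if pad(ver) >= pad(fixed) else "vulnerable"

def audit(inventory):
    """Return (host, release, status) rows for {host: release}, worst first."""
    order = {"vulnerable": 0, "migrate": 1, "not-listed": 2, "fixed": 3}
    rows = [(host, rel, classify(rel)) for host, rel in inventory.items()]
    return sorted(rows, key=lambda r: (order[r[2]], r[0]))

# Constructed inventory for illustration; hostnames and releases are made up.
SAMPLE = {"vedge-a": "20.3.4", "vedge-b": "20.3.5", "vsmart-1": "19.2.3",
          "vbond-1": "20.6.1.1", "vmanage-1": "20.4", "edge-x": "20.7.1"}

if __name__ == "__main__":
    for host, rel, status in audit(SAMPLE):
        print(f"{host:10} {rel:10} {status}")
```

Components are compared numerically, so `20.3.10` sorts above `20.3.5` where a plain string comparison would not.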

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.


References

1
