1. Threat Overview
CISA has issued an emergency directive to secure Cisco SD-WAN systems because of a remote code execution vulnerability. Affected systems include Cisco SD-WAN vManage and vSmart controllers.
2. Key Intelligence Points
1. The vulnerability, CVE-2023-1669, is a remote code execution vulnerability in Cisco SD-WAN vManage and vSmart controllers.
2. The vulnerability affects Cisco SD-WAN vManage and vSmart controllers versions prior to 20.4.1 and 20.4.1R1, respectively.
3. Attackers can exploit the vulnerability by sending a specially crafted HTTP request to the affected system, allowing them to execute arbitrary code.
4. Detection opportunities include monitoring for suspicious HTTP traffic and unusual system behavior.
3. MITRE ATT&CK Techniques
T1210 - Exploit Public-Facing Application
4. Indicators of Compromise (IOCs) / Affected Systems
CVE-2023-1669
Cisco SD-WAN vManage and vSmart controllers versions prior to 20.4.1 and 20.4.1R1
5. Mitigation & Detection
Apply the latest patch, version 20.4.1 or later, to Cisco SD-WAN vManage and vSmart controllers to mitigate the vulnerability.