Cisco SD-WAN vManage impacted by unauthenticated REST API access


A vulnerability in the Cisco SD-WAN vManage management tool enables a remote, unauthenticated attacker to obtain read or restricted write capabilities to the configuration of the compromised instance. Yesterday, Cisco released a security bulletin advising of a critical-severity vulnerability, identified as CVE-2023-20214, in the request authentication validation for the REST API of Cisco SD-WAN vManage software.

A cloud-based technology called Cisco SD-WAN vManage enables businesses to plan, set up, and control distributed networks across numerous sites. vManage instances are deployments that may be used for centralised network management, configuring VPNs, orchestrating SD-WAN, deploying device configurations, enforcing policies, etc.

Read More…