Cisco Catalyst SD-WAN Manager Arbitrary File Write Vulnerability
Cisco's June 15 PSIRT advisory describes an arbitrary file write flaw in the web UI of Catalyst SD-WAN Manager (formerly SD-WAN vManage) that lets an authenticated remote attacker create or overwrite any file on the unde.
At a glance
- Cisco disclosed an arbitrary file write vulnerability in Catalyst SD-WAN Manager's web UI on June 15.
- An authenticated remote attacker can create or overwrite any file on the filesystem via a crafted HTTP request to an affected API endpoint.
- Cisco says a planted file could later be used to elevate privileges to root.
VERDICT — CONFIRMED
Cisco's June 15 PSIRT advisory describes an arbitrary file write flaw in the web UI of Catalyst SD-WAN Manager (formerly SD-WAN vManage) that lets an authenticated remote attacker create or overwrite any file on the underlying operating system. The bug stems from improper validation of user-supplied input during a file upload process and is triggered via a crafted HTTP request to an affected API endpoint. Per the advisory, a written file could later be used to elevate privileges to root; exploitation requires valid credentials.
Key facts on file
- Cisco disclosed an arbitrary file write vulnerability in Catalyst SD-WAN Manager's web UI on June 15.
- An authenticated remote attacker can create or overwrite any file on the filesystem via a crafted HTTP request to an affected API endpoint.
- Cisco says a planted file could later be used to elevate privileges to root.