October 3, 2023

Cisco is warning that the vManage software that ships with its SD-WAN has an authentication vulnerability in its REST API.

The critical-rated vulnerability, tracked as CVE-2023-20214, has a CVSS score of 9.1, because it can give an unauthenticated remote attacker read permissions or limited write permissions to the configuration of an affected Cisco SD-WAN vManage instance.

Cisco’s advisory states that the REST API has “insufficient request validation”.  An attacker send a crafted API request to the vManage instance and could subsequently read and send information to the affected instance.


Cisco’s advisory includes instructions for customers to view attempts to access the API in its log file. Customers would then have to assess whether any of those access attempts represented an attack or a legitimate request. “The presence of requests in this log does not indicate unauthorised access; rather, it only indicates that attempts have been made to access the REST API”, the advisory states.

The company also recommends customers restrict access to the API to permitted IP addresses using an access control list. Affected versions include SD-WAN vManage (fixed version; 20.6.4 (fixed in; 20.6.5 (fixed in; 20.9 (fixed in; 20.10 (fixed in; and 20.11 (fixed in Customers with versions 20.7 or 20.8 will need to migrate to a fixed release.

Cisco has confirmed that this vulnerability does not affect the following Cisco products:

  • IOS XE
  • SD-WAN cEdge Routers
  • SD-WAN vBond Orchestrator Software
  • SD-WAN vEdge Cloud Routers
  • SD-WAN vEdge Routers
  • SD-WAN vSmart Controller Software

There are no workarounds that address this vulnerability. However, to mitigate this vulnerability and significantly reduce the attack surface, network administrators should enable access control lists (ACLs) to limit access to the vManage instance.

Leave a Reply

%d bloggers like this: