A critical vulnerability has been discovered in the Cisco SD-WAN vManage software, posing a significant risk to organizations. Tracked as CVE-2023-20214 with a CVSS score of 9.1, the flaw stems from the inadequate validation of REST API requests in vManage. This allows unauthenticated attackers to exploit the vulnerability and retrieve sensitive information or manipulate the configuration of affected instances. To mitigate the risk, Cisco advises implementing access control lists (ACLs) to limit vManage access. The company has released patched versions of SD-WAN vManage to address the vulnerability, while versions 18.3 to 20.6.3.2 are unaffected. So far, there are no known instances of this vulnerability being exploited in real-world attacks.

Read more: https://www.securityweek.com/critical-cisco-sd-wan-vulnerability-leads-to-information-leaks/