Cisco SD-WAN vManage & Small Business Routers¶à¸ö°²È«·ì϶

°ä²¼¹¦·ò 2021-04-08

0x00 ·ì϶¸ÅÊö

2021Äê04ÔÂ07ÈÕ£¬Cisco°ä²¼°²È«²¼¸æ£¬½¨¸´ÁËCisco SD-WAN vManageÈí¼þÖеÄ3¸ö°²È«·ì϶ÒÔ¼°CiscoÓ×ÐÍÆóÒµRV110W¡¢RV130¡¢RV130WºÍRV215W·ÓÉÆ÷ÖеÄ1¸öÔ¶³Ì´úÂëÖ´Ðзì϶£¬¾­¹ýÉí·ÝÑéÖ¤»òδ¾­ÑéÖ¤µÄ¹¥»÷ÕßÄܹ»Í¨¹ýÀûÓÃÕâЩ·ì϶ÌáÉýȨÏÞ»òÔÚϵͳÉÏÖ´ÐÐËÁÒâ´úÂë¡£

 

0x01 ·ì϶ÏêÇé

image.png

 

·ì϶ÏêÇéÈçÏ£º

Cisco SD-WAN vManage»º³åÇøÒç¶Âí½Å£¨CVE-2021-1479£©

¸Ã·ì϶´æÔÚÓÚCisco SD-WAN vManageÈí¼þµÄÔ¶³ÌÖÎÀí×é¼þÖУ¬ÆäCVSSÆÀ·Ö9.8¡£

ÓÉÓÚ¶ÔÓû§µÄÊäÈëÑéÖ¤²»ÕýÈ·£¬Î´¾­ÑéÖ¤µÄ¹¥»÷ÕßÄܹ»Í¨¹ýÏòÒ×Êܹ¥»÷µÄ×é¼þ·¢ËͶñÒâµÄÏνÓÒªÇóÀ´ÀûÓô˷ì϶£¬Õâ¿ÉÄܵ¼Ö»º³åÇøÒç³ö£¬³É¹¦ÀûÓô˷ì϶µÄ¹¥»÷Õß¿ÉÄÜÒÔrootȨÏÞÔÚϵͳÉÏÖ´ÐÐËÁÒâ´úÂë¡£

 

Cisco SD-WAN vManageȨÏÞÌáÉý·ì϶£¨CVE-2021-1137£©

¸Ã·ì϶´æÔÚÓÚCisco SD-WANÈí¼þµÄÓû§ÖÎÀíÖ°ÄÜÖУ¬ÆäCVSSÆÀ·Ö7.8¡£

ÓÉÓÚÊäÈëÑéÖ¤²»¼°£¬Õ¼ÓÐÔÚvManageϵͳÉÏÔö³¤ÐÂÓû§»ò×éµÄȨÏ޵ľ­¹ýÑéÖ¤µÄ¹¥»÷ÕßÄܹ»Í¨¹ýÅú¸ÄÓû§ÕË»§À´ÀûÓô˷ì϶¡£³É¹¦ÀûÓô˷ì϶µÄ¹¥»÷ÕßÄܹ»»ñµÃϵͳµÄrootȨÏÞ¡£

 

Cisco SD-WAN vManageȨÏÞÌáÉý·ì϶£¨CVE-2021-1480£©

¸Ã·ì϶´æÔÚÓÚCisco SD-WANÈí¼þµÄϵͳÎļþ´«ÊäÖ°ÄÜÖУ¬ÆäCVSSÆÀ·Ö7.8¡£

ÓÉÓÚ¶ÔϵͳÎļþ´«ÊäÖ°ÄܵÄÊäÈëÑéÖ¤²»ÕýÈ·£¬¾­¹ýÉí·ÝÑéÖ¤µÄ¹¥»÷ÕßÄܹ»Í¨¹ýÏòÒ×Êܹ¥»÷µÄϵͳ·¢ËͶñÒâÒªÇóÀ´ÀûÓô˷ì϶£¬³É¹¦ÀûÓô˷ì϶µÄ¹¥»÷ÕßÄܹ»¸²¸ÇËÁÒâÎļþ²¢ÒÔrootÓû§È¨ÏÞÅú¸Äϵͳ¡£

 

Cisco Small Business routersÔ¶³Ì´úÂëÖ´Ðзì϶£¨CVE-2021-1459£©

¸Ã·ì϶´æÔÚÓÚCisco Small Business RV110W¡¢RV130¡¢RV130WºÍRV215W·ÓÉÆ÷»ùÓÚWebµÄÖÎÀí½çÃæÖУ¬ÆäCVSSÆÀ·ÖΪ9.8¡£

ÓÉÓÚδÕýÈ·ÑéÖ¤Óû§ÌṩµÄÊäÈ룬¹¥»÷ÕßÄܹ»Í¨¹ýÏòÖ¸±êÉ豸·¢ËͶñÒâµÄHTTPÒªÇóÀ´ÀûÓô˷ì϶£¬³É¹¦ÀûÓô˷ì϶µÄ¹¥»÷Õß¿ÉÄÜÒÔroot Óû§Éí·ÝÔÚÊÜÓ°ÏìÉ豸ϵͳÉÏÖ´ÐÐËÁÒâ´úÂë ¡£


Ó°ÏìÁìÓò

´Ë·ì϶ӰÏìÒÔÏÂCisco Small Business RVϵÁзÓÉÆ÷£º

RV110W Wireless-N VPN Firewall

RV130 VPN Router

RV130W Wireless-N Multifunction VPN Router

RV215W Wireless-N VPN Router

 

 

0x02 ´ëÖý¨Òé

Ä¿Ç°Cisco Small Business RV110W¡¢RV130¡¢RV130WºÍRV215W·ÓÉÆ÷ÒÑÖÕ³¡Ö§³Ö£¬¹Ù·½½«²»»áÔÙ°ä²¼°²È«¸üУ¬½¨ÒéǨáãµ½Cisco Small Business RV132W¡¢RV160»òRV160W·ÓÉÆ÷¡£Cisco SD-WAN vManage ÖеÄ3¸ö·ì϶ÒѾ­½¨¸´£¬½¨Òé²Î¿¼Ï±íʵʱ¸üУº

Cisco SD-WAN vManageÊÜÓ°Ïì°æ±¾

½¨¸´°æ±¾

ËùÓзì϶µÄµÚÒ»¸ö½¨¸´°æ±¾

18.4¼°¸üÔç°æ±¾

Ǩáãµ½¹Ì¶¨°æ±¾¡£

Ǩáãµ½¹Ì¶¨°æ±¾¡£

19.2

19.2.4

19.2.4

19.3

Ǩáãµ½¹Ì¶¨°æ±¾¡£

Ǩáãµ½¹Ì¶¨°æ±¾¡£

20.1

Ǩáãµ½¹Ì¶¨°æ±¾¡£

Ǩáãµ½¹Ì¶¨°æ±¾¡£

20.3

20.3.3

20.3.3

20.4

20.4.1

20.4.1

 

ÏÂÔØÁ´½Ó£º

https://software.cisco.com/download/find

 

 

0x03 ²Î¿¼Á´½Ó

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-YuTVWqy

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-rce-q3rxHnvm

https://www.bleepingcomputer.com/news/security/cisco-fixes-bug-allowing-remote-code-execution-with-root-privileges/

 

0x04 ¹¦·òÏß

2021-04-07  Cisco°ä²¼°²È«²¼¸æ

2021-04-08  VSRC°ä²¼°²È«¹«¸æ

 

0x05 ¸½Â¼

 

CVSSÆÀ·Ö³ß¶È¹ÙÍø£ºhttp://www.first.org/cvss/

image.png