A critical vulnerability has been identified in Cisco SD-WAN vManage software that enables remote exploitation. This security flaw, tracked as CVE-2023-20214 with a CVSS score of 9.1, allows unauthenticated attackers to access information from vulnerable instances.
The vulnerability is rooted in the REST API feature of vManage, which fails to validate incoming requests adequately. The vManage API is utilized by administrators to configure, monitor, and control Cisco devices across the network.
To exploit the vulnerability, an attacker can send a specifically crafted API request to a vulnerable instance, thereby retrieving information from vManage or transmitting data.
However, it’s important to note that the web-based management interface and the CLI remain unaffected by this security issue, as clarified by the company.