Executive Summary

This vulnerability exists in the web-based management interface of Cisco Catalyst SD-WAN Manager. It is a cross-site scripting (XSS) vulnerability that can be exploited by an authenticated, remote attacker. The root cause is insufficient validation of user input. An attacker can exploit this by convincing a user of the interface to click on a specially crafted link, which then allows the attacker to execute arbitrary script code within the context of the affected interface or access sensitive information stored in the browser.

Useful 0 Not Useful 0

Impact Analysis

The impact of this vulnerability includes the potential execution of arbitrary scripts in the context of the web-based management interface. This could lead to unauthorized access to sensitive browser-based information, such as session tokens or user data. It may also allow attackers to perform actions on behalf of the user within the interface, potentially compromising the security and integrity of the affected device's management.

Useful 0 Not Useful 0

Compliance Impact

The vulnerability allows an attacker to execute arbitrary script code or access sensitive browser-based information by exploiting insufficient input validation in the web-based management interface of Cisco Catalyst SD-WAN Manager.

Such unauthorized access to sensitive information could potentially lead to non-compliance with data protection regulations like GDPR or HIPAA, which require safeguarding personal and sensitive data against unauthorized access or disclosure.

However, the provided information does not explicitly state the direct impact on compliance with these standards or regulations.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability is a cross-site scripting (XSS) issue in the web-based management interface of Cisco Catalyst SD-WAN Manager that requires an authenticated user to click a crafted link. Detection involves verifying if the affected software versions are in use and monitoring for suspicious crafted link usage or unexpected script execution in the interface.

There are no specific detection commands or automated detection tools mentioned in the provided resources. Detection primarily relies on identifying the affected software versions and monitoring user activity for exploitation attempts.

Useful 0 Not Useful 0

Mitigation Strategies

Cisco strongly recommends upgrading to fixed software releases to remediate this vulnerability, as there are no available workarounds.

• Upgrade Cisco Catalyst SD-WAN Manager to one of the fixed releases: 20.12.5.3, 20.12.6.1, 20.15.4.2, 20.15.5, or 20.18.2.1.
• For versions 20.13, 20.14, and 20.16, migrate to a fixed release as these require migration rather than patching.

Verify device compatibility before upgrading and obtain fixed software through authorized Cisco channels.

Useful 0 Not Useful 0