思科 SD-WAN vEdge 任意文件创建漏洞

攻击者可以利用此漏洞通过构造特定的命令参数，在受影响的设备上创建或覆盖任意文件。这可能导致设备不可用，从而造成拒绝服务。更严重的后果包括攻击者可能利用此漏洞篡改系统文件，导致系统不稳定或完全崩溃。虽然描述中未明确提及数据泄露，但攻击者可能通过覆盖关键配置或日志文件来获取敏感信息，从而间接造成数据泄露风险。该漏洞的潜在影响范围取决于设备在网络中的角色和配置，如果设备是关键的网络节点，则影响范围可能更大。

Organizations heavily reliant on Cisco Catalyst SD-WAN Manager for their network connectivity and SD-WAN functionality are at risk. Specifically, environments with weak access controls to the CLI or those running older, unpatched versions (≤20.1.12) are particularly vulnerable. Shared hosting environments utilizing Cisco SD-WAN Manager should also be assessed for potential exposure.

• linux / server: Monitor system logs (e.g., /var/log/syslog) for unusual file creation or modification events within the SD-WAN Manager's file system. Use lsof to identify processes accessing sensitive files.

lsof /path/to/critical/file

• cisco: Utilize Cisco's Security Intelligence Operations (SIO) to detect potential exploitation attempts. Review device logs for suspicious CLI commands or file access patterns. • generic web: Monitor network traffic for unusual connections to the SD-WAN Manager's CLI interface.

1. 2024-11-18Disclosure

   disclosure

1. 已保留2020-09-24
2. 发布日期2024-11-18
3. EPSS 更新日期2026-04-02

最有效的缓解措施是立即将Cisco Catalyst SD-WAN Manager升级至20.1.13或更高版本。如果升级会造成业务中断，可以考虑以下临时缓解措施：限制对CLI的访问，仅允许授权用户执行特定命令。实施严格的输入验证，过滤掉可能导致文件创建或覆盖的恶意字符。监控系统日志，查找任何异常的文件创建或修改活动。如果升级后出现问题，请考虑回滚到之前的稳定版本，并联系Cisco技术支持寻求进一步的帮助。升级后，请验证系统功能是否正常，并确认漏洞已成功修复。