DX NetOps

 View Only

NetOps response to Cisco SDWAN security flaw update

  • 1.  NetOps response to Cisco SDWAN security flaw update

    Broadcom Employee
    Posted Jan 29, 2019 08:43 AM

    NetOps SDWAN Customers,


    You may have noticed an update from Cisco related to vulnerabilities exposed in the Cisco (formerly Viptela) SDWAN solution. Cisco has released the following advisory notes with additional information:



    The limitations of these vulnerabilities as described below indicate there is no immediate threat to NetOps SDWAN/Viptela users:


    • For the Buffer Overflow and Unauthorized Access vulnerability it only applies to vContainer. The SDWAN CloudOps engineering team has already upgraded in the cloud so there is no exposure there. Note that no customer runs vContainer individually. So this issue has been addressed.
    • The escalation of privilege vulnerabilities requires someone to have gained access to the box first, then elevate their privileges via the exploit. Random outside attackers cannot exploit this unless the attacker can guess or steal login credentials. Restricting SSH on VPN 0 further restricts the attack surface. Regardless, this is fixed in 18.4 and 18.3.5. 18.3.5 is a long term release.


    The NetOps R&D team will be undertaking a project in the current quarter to certify Cisco SDWAN 18.4 and any updates required to support this version will be made available once that effort is complete.


    Thank you,

    Jason Normandin

    NetOps Product Management Team