What We Do
How we do it
Resources
SECURITY ADVISORIES
Sep 14, 2021
Update 2: Microsoft Zero-Day Vulnerability Announced - CVE-2021-40444
THE THREAT UPDATE 2: As of September 14th, Microsoft has released security patches to address CVE-2021-40444 for all impacted versions of Windows. eSentire has tested the update and confirmed its validity against public exploits. Organizations are strongly recommended to apply these security patches as soon as possible, as exploitation in the wild is ongoing. UPDATE: As of September 11th,…
Read More
View all Advisories →
Company
ABOUT eSENTIRE
About Us
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 1000+ organizations in 70+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
Read about how we got here
Leadership Work at eSentire
LATEST PRESS RELEASE
Aug 25, 2021
eSentire named a Leader in IDC MarketScape for U.S. Managed Detection and Response Services
August 26, 2021 – Waterloo, ON -  eSentire, recognized globally as the Authority in Managed Detection and Response (MDR), announced today that it has been named a Leader in the IDC MarketScape: U.S. Managed Detection and Response Services 2021 Vendor Assessment (doc #US48129921, August 2021). IDC defines the core services an MDR must provide as follows: reduced time for onboarding, 24/7…
Read More
Partners
PARTNER PROGRAM
Partners
Our award-winning partner program offers financial rewards, sales and marketing tools and personalized training. Accelerate your business and grow your revenue by offering our world-class Managed Detection and Response (MDR) services.
Learn about our Partner Program
Search
Resources
Security advisories — May 06, 2021

Critical Cisco SD-WAN vManage and HyperFlex Vulnerabilities

THE THREAT

On May 5th, Cisco announced three critical vulnerabilities impacting the SD-WAN vManage and HyperFlex HX software. The vulnerabilities are tracked as CVE-2021-1468 (CVSS: 9.8), CVE-2021-1497 (CVSS: 9.8), and CVE-2021-1505 (CVSS: 9.1). CVE-2021-1468 and CVE-2021-1497 are especially concerning as they do not require any prior authentication. Exploitation of these vulnerabilities may result in the creation of new administrator accounts, command injection, authentication bypass, and privilege escalation.

Although exploit code is not publicly available, the severity and impact of these vulnerabilities on products will make these attractive targets for future attacks. Exploitation has not been identified at this time.

eSentire has recently observed highly aggressive threat actor activity attempting to exploit public-facing services. eSentire assesses that threat actors will adopt these vulnerabilities in attacks in the near future.

What we’re doing about it

What you should do about it

Additional information

CVE-2021-1468 (CVSS: 9.8) - Vulnerability impacting the Cisco SD-WAN vManage Software when operating in cluster mode, allows an unauthenticated remote attacker to send unauthorized messages resulting in the creation of new admin level accounts.

CVE-2021-1497 (CVSS: 9.8) – Vulnerability impacting the web-based management interface for Cisco HyperFlex HX Installer Virtual Machine that allows an unauthenticated, remote attacker to perform a command injection attack.

CVE-2021-1505 (CVSS: 9.1) - Vulnerability impacting the Cisco SD-WAN vManage Software when operating in cluster mode. An authenticated, remote attacker may exploit this vulnerability to bypass authorization checking and gain elevated privileges within the affected system.

In addition to these three critical vulnerabilities, Cisco also released patches for four high severity vulnerabilities: CVE-2021-1508, CVE-2021-1275, CVE-2021-1506, and CVE-2021-1498.

References:

[1] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-vmanage-4TbynnhZ#
[2] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hyperflex-rce-TjjNrkpR