Pentesting Cisco SD-WAN Part 1: Attacking vManage

In late 2019, a customer asked Synacktiv to perform a security assessment in a few days of their SD-WAN project based on the Cisco SD-WAN solution. During this engagement, we actually found a few interesting vulnerabilities in different components.

For this first article, we will focus on the vManage component which was recently patched to address the following vulnerabilities: