Cisco SD-WAN Software Information Disclosure Vulnerability

A vulnerability in the Multiprotocol Label Switching (MPLS) packet handling function of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to gain access to information stored in MPLS buffer memory.

This vulnerability is due to insufficient handling of malformed MPLS packets that are processed by a device that is running Cisco SD-WAN Software. An attacker could exploit this vulnerability by sending a crafted MPLS packet to an affected device that is running Cisco SD-WAN Software or Cisco SD-WAN vManage Software. A successful exploit could allow the attacker to gain unauthorized access to sensitive information.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdw-mpls-infodisclos-MSSRFkZq

Security Impact Rating: Medium

CVE: CVE-2021-1614

Related:

  • No Related Posts

Cache file size of “Cache on device RAM with overflow on hard disk” is growing faster than “Cache on device hard disk”

  • Cache Type = “Cache on device hard disk”

The block reservation of “Cache on device hard disk” is ONLY 4KB, and it’s random I/O.

  • Cache Type = “Cache on device RAM with overflow on hard disk”

Since “overflow on hard disk” is vhdx format, the block reservation is 2MB & required for sequential I/O, which will provide better performance than legacy local write cache, but it will consume more filesystem usage.

Hence if there’s heavy IOPS occurred on target device, and RAM cache is running out of range, “overflow on hard disk” cache will be generated, which may grow very fast.

Related:

  • No Related Posts

HTML5Receiver File uploads more than 400KB size disconnects HTML5 receiver session, issue happens only on Chrome with AGEE

This article is intended for Citrix administrators and technical teams only.



Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information.


Clicking on close session gets the session back. No bandwidth redirection policy in place.

Using the file uploader to upload a file (greater the 400kb) in HTML5 connected session causes the session to disconnect with the below error

User-added image

Confirmed that without any AGEE in picture the issue does not show up.

Related:

  • No Related Posts

Slow Transfers While Downloading From or Uploading to ShareFile

Numerous factors outside of ShareFile’s control could potentially impact your overall download or upload speed.

Size – Large files take longer to download/upload than small files. Many small files can take longer to download than one large file. Deep folder structures take longer to download/upload than simpler folder structures

ISP Capability

  • Your download or upload speed may vary depending on the quality of your connection, the presence of other users on your network such as in a shared or office environment, and various other factors related to your ISP. If your download or upload speeds are not satisfactory, please check your connection and consult your ISP.
  • If you are a customer located in the United States and would like to know more about national broadband availability and advertised vs actual average speeds, click here to view a 2015 study conducted by the Federal Communications Commission.
  • In the event that ShareFile is experiencing a significant issue with storage servers or infrastructure that is impacting customer downloads or uploads, real-time updates will be posted at https://status.sharefile.com/. You can subscribe to be alerted about future occurrences by phone or email.

Geographic Proximity

  • Under normal circumstances, the farther your data has to travel, the longer it will take to download/upload. ShareFile servers are located in multiple locations around the world. If your account’s files are stored primarily on the eastern coast of the US, for example, then upload or download speeds from China or Australia may be impacted by geographic proximity.
  • If you believe you are communicating with servers that are geographically distant to your working location, please reach out to ShareFile customer support about updating your primary storage server.

Related:

Citrix Director: “Cannot Retrieve the data” for some VDA servers when checking machine details

Reset performance counters on the non working server(VDA) by following the below steps:

Run the command prompt as administrator and execute command lodctr /r.

After resetting the performance counter on the affected (non working) server, and after rebooting the server too, the issue was not seen and the data(IOPs) was displayed in the director console for the server.

Related:

BLOCK FILE UPLOADS

I need a solution

Hey everyone, how are you?

I’m newbie with proxysg, but I’m tryng haha.

I need create a policy to block upload to File Storage/Sharing categorie… I did some tests putting PUT/POST Method (Service) and Force Deny on Action, but isn’t works…

So, I did create more tests to specific sites, like WeTransfer: I created another test, creating Combined Destination Object with Web Application Control, setting WeTransfer and a Web Operation Control setting “Upload Attachment”, “Upload Files”, “Upload Media”, “Upload Pictures” and “Upload Videos”, setting on Source my user, but ins’t works too, but I did another test putting my IP on Source and it’s did works!

My doubt is: is possible create a policy to block upload files to a Category, like File Storage/Sharing? IF yes, how I do this? It’s for a AD group, not for a specific person…

Can anyone help me? Tks!!

(Sorry for my english hahaha)

0

Related:

Notify page before file download.

I need a solution

Hi, 

I have a problem with displaying notify page before downloading files. Witah simple rule for displaying notify page for any reason it only works with web pages. When I try to download file it doesn’t force displaying notify page at all and downloading starts without it.

Expected behaviour which I try to achieve is to displaying worning before downloading password protected archives however even more simple case doesn’t work. 

I see in trace file that for web pages there is matched condition with action :

Called policy definition: Notify_Passw_Protected
        <Proxy>
 MATCH:         condition=__Notify_Passw_Protected_should_notify action.__Notify_Passw_Protected_check_notify(yes)

Wen I downloading file ther is a miss without action:

Called policy definition: Notify_Passw_Protected 

<Proxy>
miss:     condition=__Notify_Passw_Protected_should_notify

When I make polisy for zip file extension Exception page works but notify page doesn’t.

Is it evem possible to do notify page before file download?

0

Related:

  • No Related Posts

Modernizing Your WAN: The Digitization of Everything, and an Easier SD-WAN Experience

We live at unique moment in time where personal experiences are being ubiquitously digitized. Some of the more common experiences are financial experiences like depositing a check or executing a stock trade with a mobile device. Organizations are continuing to innovate by digitizing their customer’s experiences to improve their competitive advantage. One unique personal example is a sport’s event I recently attended. The sport’s organization digitized their fan experience with ordering food from a mobile app and having delivery to the seat. How cool is that? This ubiquitous digitization ultimately translates into exponential growth of traffic … READ MORE

Related:

Using Endpoint Prevent to block uploading classified document to public web services like gmail attachment or social media…etc

I do not need a solution (just sharing information)

Hi,

I have customer with Endpoint Prevent detection is used only for confidential files, the question is, how to configure the policy to prevent the user from uploading these confidential document to be uploaded to gmail attachment or facebook, or any other public file hosting in the internet?

Thanks 

0

Related: