Wednesday, January 20, 2021

Cisco tags critical security holes in SD-WAN software

Cisco has noted and fixed two critical and a number of high-degree vulnerabilities in its SD-WAN software portfolio.

Most of the vulnerabilities could let an authenticated attacker execute command injection attacks against an affected device, which could let the attacker utilize root privileges on the device.

The first critical problem–with a Common Vulnerability Scoring System rating of 9.9 out of 10–is  vulnerability in the web-based management interface of Cisco SD-WAN vManage Software. 

“This vulnerability is due to improper input validation of user-supplied input to the device template configuration,” Cisco stated. “An attacker could exploit this vulnerability by submitting crafted input to the device template configuration. A successful exploit could allow the attacker to gain root-level access to the affected system.”

To read this article in full, please click here

Thanks to Michael Cooney (see source)

No comments:

Post a Comment