Cisco is stoppering critical holes in its SD-WAN solutions and its smart software manager satellite.
Cisco is warning of multiple, critical vulnerabilities in its software-defined networking for wide-area networks (SD-WAN) solutions for business users.
Cisco issued patches addressing eight buffer-overflow and command-injection SD-WAN vulnerabilities. The most serious of these flaws could be exploited by an unauthenticated, remote attacker to execute arbitrary code on the affected system with root privileges.
“Cisco has released software updates that address these vulnerabilities,” according to Cisco in a Wednesday advisory. “There are no workarounds that address these vulnerabilities.”
One critical-severity flaw (CVE-2021-1299) exists in the web-based management interface of Cisco SD-WAN vManage aoftware. This flaw (which ranks 9.9 out of 10 on the CVSS scale) could allow an authenticated, remote attacker to gain root-level access to an affected system and execute arbitr