Cisco tags critical security holes in SD-WAN software Tech giant warns of serious weaknesses in DNA Center management software as well Credit: Dreamstime Cisco has noted and fixed two critical and a number of high-degree vulnerabilities in its SD-WAN software portfolio. Most of the vulnerabilities could let an authenticated attacker execute command injection attacks against an affected device, which could let the attacker utilise root privileges on the device. The first critical problem – with a Common Vulnerability Scoring System rating of 9.9 out of 10 - is vulnerability in the web-based management interface of Cisco SD-WAN vManage Software. “This vulnerability is due to improper input validation of user-supplied input to the device template configuration,” Cisco stated. “An attacker could exploit this vulnerability by submitting crafted input to the device template configuration. A successful exploit could allow the attacker to gain root-level access to the affected system.”