A vulnerability in Cisco SD-WAN Solution software could allow an authenticated, local malicious user to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the malicious user to gain access to information that they are not authorized to access and make changes to the system that they are not authorized to make.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco sd-wan_firmware |
||
cisco sd-wan_firmware 20.1.0 |
||
cisco sd-wan_firmware 20.3.0 |
Switchzilla says remote networking gear has a grab-bag of holes Thought you were done after Tuesday's 115-fix day? Not yet: Microsoft emits SMBv3 worm-cure crisis patch
Cisco has issued a series of security updates for its SD-WAN and Webex software, just when they're most needed. Switchzilla says the SD-WAN code is host to five vulnerabilities ranging from privilege escalation to remote code injection. The five CVE-listed bugs (CVE-2020-3264, CVE-2020-3265, CVE-2020-3266, CVE-2019-16010, CVE-2019-16012) are down to what Cisco calls "insufficient input validation," and the avenues to exploit it range from SQL to HTTP requests. "An attacker could exploit this vul...