A vulnerability in Cisco SD-WAN Solution software could allow an authenticated, local malicious user to elevate privileges to root on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the malicious user to gain root-level privileges.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco sd-wan_firmware |
||
cisco sd-wan_firmware 20.1.0 |
Switchzilla says remote networking gear has a grab-bag of holes Thought you were done after Tuesday's 115-fix day? Not yet: Microsoft emits SMBv3 worm-cure crisis patch
Cisco has issued a series of security updates for its SD-WAN and Webex software, just when they're most needed. Switchzilla says the SD-WAN code is host to five vulnerabilities ranging from privilege escalation to remote code injection. The five CVE-listed bugs (CVE-2020-3264, CVE-2020-3265, CVE-2020-3266, CVE-2019-16010, CVE-2019-16012) are down to what Cisco calls "insufficient input validation," and the avenues to exploit it range from SQL to HTTP requests. "An attacker could exploit this vul...