A vulnerability in the CLI of Cisco SD-WAN Solution software could allow an authenticated, local malicious user to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI utility. The attacker must be authenticated to access the CLI utility. A successful exploit could allow the malicious user to execute commands with root privileges.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
cisco sd-wan_firmware |
Switchzilla says remote networking gear has a grab-bag of holes Thought you were done after Tuesday's 115-fix day? Not yet: Microsoft emits SMBv3 worm-cure crisis patch
Cisco has issued a series of security updates for its SD-WAN and Webex software, just when they're most needed. Switchzilla says the SD-WAN code is host to five vulnerabilities ranging from privilege escalation to remote code injection. The five CVE-listed bugs (CVE-2020-3264, CVE-2020-3265, CVE-2020-3266, CVE-2019-16010, CVE-2019-16012) are down to what Cisco calls "insufficient input validation," and the avenues to exploit it range from SQL to HTTP requests. "An attacker could exploit this vul...
Vulmon