A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, remote malicious user to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the malicious user to gain access to information that they are not authorized to access, make changes to the system that they are not authorized to make, and execute commands on an affected system with privileges of the root user.
Cisco today has released several security updates to address three critical authentication bypass, buffer overflow, and authorization bypass vulnerabilities found to affect Cisco Data Center Network Manager (DCNM) and multiple Cisco SD-WAN software products.
The company also issued security updates to fix another eight high and medium severity vulnerability found in to affect several other Cisco DCNM Software versions.