Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated malicious user to perform command injection attacks against an affected device, which could allow the malicious user to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco sd-wan_firmware 18.2.0 |
||
cisco sd-wan_firmware 18.3.0 |
||
cisco sd-wan_firmware 18.3.8 |
||
cisco sd-wan_firmware 18.4.6 |
||
cisco sd-wan_firmware 19.2.3 |
||
cisco sd-wan_firmware 19.2.99 |
||
cisco sd-wan_firmware 20.1.0 |
||
cisco sd-wan_vsmart_controller_firmware |
||
cisco sd-wan vbond orchestrator - |
||
cisco catalyst sd-wan manager - |
And also fix up these other holes that can be exploited via HTTP requests, SQL injection, etc
Cisco this week emitted patches for four sets of critical-severity security holes in its products along with other fixes. The worst of the bugs can be exploited by sending specially crafted IP packets to a vulnerable installation, and overflowing a memory buffer to ultimately execute code as root on the machine, allowing the box to be completely commandeered. Another set of flaws can be abused by sending HTTP requests that trigger arbitrary command execution to again hijack the machine. You shou...