Cisco hits another SD-WAN bug
By MYBRANDBOOK
Cisco has patched a high-severity vulnerability affecting routers running the company’s popular SD-WAN software. The vulnerability is caused by insufficient input validation stemming from the command line interface (CLI) of Cisco’s IOS XE SD-WAN software. If exploited, the bug could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges.
The vulnerability affects several routers running the software including both 1000 series Aggregation and Integrated Services Routers (ISR), 4000 series ISRs, and Cloud Services Router 1000v Series.
Cisco reports, “An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI utility”. However, the company notes that the attacker would have had to be authenticated to access the CLI utility.
Cisco has also confirmed that the bug does not affect its IOS, IOS XE, vBond, vEdge, vManage, or vSmart software suites. While Cisco says it is not aware of any malicious use of the vulnerability, with 20,000 customers around the world using Cisco’s Viptela and Meraki SD-WAN offerings, the vulnerability remains notable.
The latest bug comes after the company patched three high-impact and two medium-impact vulnerabilities affecting its routers and SD-WAN management, orchestration, and controller software, in late March.
Similar to this week’s patch, the first two bugs would have allowed an authenticated, local attacker to gain root-level privileges on the operating system. The third high-impact bug would have allowed a local attacker to trigger a buffer overflow on an effected device in order to gain control.
The medium-impact vulnerabilities were discovered in Cisco’s SD-WAN vManage web user interface, which would have allowed an attacker to conduct a cross-site scripting attack against the user. The second medium-threat bug would have enabled SQL injection attacks on the affected system.
BHIM to join e-commerce, competing with PhonePe and Google Pay
The government-supported payment software BHIM is getting ready to join t...
The latest version of X helps prevent deepfakes on social medi
To combat deepfakes and shallowfakes, Elon Musk revealed a new update t...
India and Namibia collaborate on a payment system similar to U
Once operational, the platform will enable digital transactions in Namibia,...
Sebi issues show-cause notices to six Adani group firms
Sebi issued show-cause notices to six Adani Group firms, including Adani ...
HP INDIA SALES PVT. LTD.
INFOSYS TECHNOLOGIES PVT. LTD.
DELL TECHNOLOGIES INDIA PVT. LTD.
GLOBUS INFOCOM LTD.
Technology Icons Of India 2023: Rajeev Chandrasekhar
Rajeev Chandrasekhar is the Union Minister of State for Electronics an...
Technology Icons Of India 2023: Ajit Balakrishnan
The Company markets specific channels, community features, local langu...
Technology Icons Of India 2023: Dr. P D Vaghela
Dr PD Vaghela serves as the Chairperson of Telecommunications Regulato...
GeM maintains transparency in online procurement of goods & services
Created in a record time of five months, Government eMarketplace is a ...
STPI encouraging software exports from India
Software Technology Parks of India (STPI) is an S&T organization under...
CERT-IN protecting the cyber security space of India
CERT-In serves in the area of cyber security threats like hacking and ...
IVALUE INFOSOLUTIONS PVT. LTD.
: iValue Info Solutions is a value added distributor, provides solutio...
SAVEX TECHNOLOGIES PVT. LTD.
Savex Technologies is the 3rd largest Information & Communication Tec...
ACCERON INFOSOL PVT. LTD.
It is a leading value added distributor in the IT security space and h...