Connect with us

International Circuit

Cisco squashes yet another SD-WAN bug

Cisco has patched a high-severity vulnerability affecting routers running the company’s popular SD-WAN software.

The vulnerability is caused by insufficient input validation stemming from the command line interface (CLI) of Cisco’s IOS XE SD-WAN software. If exploited, the bug could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges.

The vulnerability affects several routers running the software including both 1000 series Aggregation and Integrated Services Routers (ISR), 4000 series ISRs, and Cloud Services Router 1000v Series.

“An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI utility,” Cisco reports. However, the company notes that the attacker would have had to be authenticated to access the CLI utility.

Cisco has also confirmed that the bug does not affect its IOS, IOS XE, vBond, vEdge, vManage, or vSmart software suites.

While Cisco says it is not aware of any malicious use of the vulnerability, with 20,000 customers around the world using Cisco’s Viptela and Meraki SD-WAN offerings, the vulnerability remains notable.

Cisco’s Bug Hunt

The latest bug comes after the company patched three high-impact and two medium-impact vulnerabilities affecting its routers and SD-WAN management, orchestration, and controller software, in late March.

Similar to this week’s patch, the first two bugs would have allowed an authenticated, local attacker to gain root-level privileges on the operating system. The third high-impact bug would have allowed a local attacker to trigger a buffer overflow on an effected device in order to gain control.

The medium-impact vulnerabilities were discovered in Cisco’s SD-WAN vManage web user interface, which would have allowed an attacker to conduct a cross-site scripting attack against the user. The second medium-threat bug would have enabled SQL injection attacks on the affected system.

Like this week’s vulnerability, all of these attacks require some form of authentication, which makes an attack more difficult.

―SDX Central

Related Topics:
Click to comment

You must be logged in to post a comment Login

Leave a Reply

We create rich business content, reach targeted business audiences, and provide valuable business information to our readers.

We create rich business
content, reach targeted business
audiences, and provide valuable business information to our readers.

Copyright © 2024 Communications Today

error: Content is protected !!