Cisco hits another SD-WAN bug
By MYBRANDBOOK
Cisco has patched a high-severity vulnerability affecting routers running the company’s popular SD-WAN software. The vulnerability is caused by insufficient input validation stemming from the command line interface (CLI) of Cisco’s IOS XE SD-WAN software. If exploited, the bug could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges.
The vulnerability affects several routers running the software including both 1000 series Aggregation and Integrated Services Routers (ISR), 4000 series ISRs, and Cloud Services Router 1000v Series.
Cisco reports, “An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI utility”. However, the company notes that the attacker would have had to be authenticated to access the CLI utility.
Cisco has also confirmed that the bug does not affect its IOS, IOS XE, vBond, vEdge, vManage, or vSmart software suites. While Cisco says it is not aware of any malicious use of the vulnerability, with 20,000 customers around the world using Cisco’s Viptela and Meraki SD-WAN offerings, the vulnerability remains notable.
The latest bug comes after the company patched three high-impact and two medium-impact vulnerabilities affecting its routers and SD-WAN management, orchestration, and controller software, in late March.
Similar to this week’s patch, the first two bugs would have allowed an authenticated, local attacker to gain root-level privileges on the operating system. The third high-impact bug would have allowed a local attacker to trigger a buffer overflow on an effected device in order to gain control.
The medium-impact vulnerabilities were discovered in Cisco’s SD-WAN vManage web user interface, which would have allowed an attacker to conduct a cross-site scripting attack against the user. The second medium-threat bug would have enabled SQL injection attacks on the affected system.
Singapore to remove One-Time Passwords from Bank Accounts
According to the Monetary Authority of Singapore, clients who utilise secur...
Is 375 million Airtel subscribers database breached?
When a hacker claims to have accessed and put up for sale a customer databa...
The government of India intends to construct a single portal f
A single portal will be launched by the Indian government to list all of it...
OpenAI offers GPT-4o, a faster model available to all users at
GPT-4o, a faster and more sophisticated AI model, is made available to all...
Icons Of India : MADHABI PURI BUCH
Madhabi Puri Buch is the first-female chairperson of India’s markets...
Icons Of India : CP Gurnani
Former Managing Director and CEO of the well-known IT service company ...
ICONS OF INDIA : SANDIP PATEL
Sandip Patel is the Managing Director for IBM India & South Asia regio...
PFC - Power Finance Corporation Ltd
PFC is a leading financial institution in India specializing in power ...
UIDAI - Unique Identification Authority of India
UIDAI and the Aadhaar system represent a significant milestone in Indi...
ITI - ITI Limited
ITI Limited is a leading provider of telecommunications equipment, sol...
Indian Tech Talent Excelling The Tech World - Thomas Kurian, CEO- Google Cloud
Thomas Kurian, the CEO of Google Cloud, has been instrumental in expan...
Indian Tech Talent Excelling The Tech World - Sanjay Mehrotra, CEO- Micron Technology
Sanjay Mehrotra, the President and CEO of Micron Technology, is at the...
Indian Tech Talent Excelling The Tech World - Aman Bhutani, CEO, GoDaddy
Aman Bhutani, the self-taught techie and CEO of GoDaddy, oversees a co...