Cisco hits another SD-WAN bug
By MYBRANDBOOK
Cisco has patched a high-severity vulnerability affecting routers running the company’s popular SD-WAN software. The vulnerability is caused by insufficient input validation in the command line interface (CLI) of Cisco’s IOS XE SD-WAN software. If exploited, the bug could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges.
The vulnerability affects several routers running the software, including both 1000 series Aggregation and Integrated Services Routers (ISR), 4000 series ISRs, and Cloud Services Router 1000v Series.
Cisco reports, “An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI utility.” However, the company notes that the attacker would have had to be authenticated to access the CLI utility.
Cisco has also confirmed that the bug does not affect its IOS, IOS XE, vBond, vEdge, vManage, or vSmart software suites. While Cisco says it is not aware of any malicious use of the vulnerability, with 20,000 customers around the world using Cisco’s Viptela and Meraki SD-WAN offerings, the vulnerability remains notable.
The latest bug comes after the company patched three high-impact and two medium-impact vulnerabilities affecting its routers and SD-WAN management, orchestration, and controller software in late March.
Similar to this week’s patch, the first two bugs would have allowed an authenticated, local attacker to gain root-level privileges on the operating system. The third high-impact bug would have allowed a local attacker to trigger a buffer overflow on an affected device in order to gain control.
The medium-impact vulnerabilities were discovered in Cisco’s SD-WAN vManage web user interface, which would have allowed an attacker to conduct a cross-site scripting attack against the user. The second medium-threat bug would have enabled SQL injection attacks on the affected system.