MY BRAND BOOK Cisco hits another SD-WAN bug

Cisco hits another SD-WAN bug

By MYBRANDBOOK

Cisco has patched a high-severity vulnerability affecting routers running the company’s popular SD-WAN software. The vulnerability is caused by insufficient input validation stemming from the command line interface (CLI) of Cisco’s IOS XE SD-WAN software. If exploited, the bug could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges.

The vulnerability affects several routers running the software including both 1000 series Aggregation and Integrated Services Routers (ISR), 4000 series ISRs, and Cloud Services Router 1000v Series.

Cisco reports, “An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI utility”. However, the company notes that the attacker would have had to be authenticated to access the CLI utility.

Cisco has also confirmed that the bug does not affect its IOS, IOS XE, vBond, vEdge, vManage, or vSmart software suites. While Cisco says it is not aware of any malicious use of the vulnerability, with 20,000 customers around the world using Cisco’s Viptela and Meraki SD-WAN offerings, the vulnerability remains notable.

The latest bug comes after the company patched three high-impact and two medium-impact vulnerabilities affecting its routers and SD-WAN management, orchestration, and controller software, in late March.

Similar to this week’s patch, the first two bugs would have allowed an authenticated, local attacker to gain root-level privileges on the operating system. The third high-impact bug would have allowed a local attacker to trigger a buffer overflow on an effected device in order to gain control.

The medium-impact vulnerabilities were discovered in Cisco’s SD-WAN vManage web user interface, which would have allowed an attacker to conduct a cross-site scripting attack against the user. The second medium-threat bug would have enabled SQL injection attacks on the affected system.

BREAKING NEWS

Cisco announces AI-native secure Wi-Fi 7 for future-ready employe...

Announcing a major leap in wireless technology, Cisco has launched its Wi...

The BSE benchmark Sensex tumbled over 800 points, leaving investo...

The BSE benchmark Sensex recently experienced a significant drop, tumblin...

North Korean GPS Interference Disrupts Air Traffic...

South Korea's military has publicly accused North Korea of disrupting GP...

US ordered TSMC to halt chip shipments to China...

TSMC has had regular discussions with the government on export control issu...

TECHNO TRENDS

Nazara and ONDC set to transform in-game monetization with ‘

Nazara Technologies has teamed up with the Open Network for Digital Comme...

Jio Platforms and NICSI to offer cloud services to government

In a collaborative initiative, the National Informatics Centre Services In...

BSNL awards ₹5,000 Cr Project to RVNL-Led Consortium

A syndicate led by Rail Vikas Nigam Limited (abbreviated as RVNL), along wi...

Pinterest tracks users without consent, alleges complaint

A recent complaint alleges that Pinterest, the popular image-sharing platf...

E-Magazine

TECHNOTAINMENT

Eloelo teams up with Elvish Yadav for India's biggest digital

Netflix adds 'Moments' feature for saving, sharing scenes from

Netflix has introduced a new “Moments” feature on its mobile app, whic

Jacqueline Fernandez come together with YouTuber Mr. Beast for

Jacqueline Fernandez has partnered with American YouTuber Mr. Beast to b

MOVERS & SHAKERS

Kamal Nath quits SIFY Technologies

Visa elevates Rishi Chhabra as new Country Manager for India

Rishi holds a Master’s in Industrial Engineering from The Ohio State Univ

Genesys welcomes Albert Nel as Senior VP and Regional Sales Le

Genesys continues to deepen its investment in the APAC region. Earlier this

OPEN YOUR EYES

Tools and technologies are being used for Remote Work and Collaboration Teams

Brands across the board are reinventing strategies to bring back customers

India is moving towards the path of self-reliance

Technology has made organizations more dependent by using facial recognition

Big Data and Cyber Security Brings Newer Challenges for WFH

INTERVIEWS

Alcatel-Lucent Enterprise Carrying a 100 year legacy ahead

Alpha Max offers high end solutions in the network space to en

The vision at Alpha Max is to attain quality as the trademark and create a

Cisco building a trusted and resilient future for the nation

Security is foundational to everything Cisco does and customers insist on e

HOT PICK

BOULT unveils AmpVault V10 & V20 powerbanks: Fast charging, sa

SonicWall Launches TZ80: A Powerful Solution for Remote Office

SonicWall announced today the launch of the TZ80, a groundbreaking securit

Gigabyte X3D Turbo: A Gaming Revolution

GIGABYTE X3D Turbo Mode is a cutting-edge feature that unifies cores distr

MAKE IN INDIA BRANDS

LUMINOUS POWER TECHNOLOGIES PVT. LTD.

VERSA NETWORKS INDIA PVT. LTD.

SAMRIDDHI AUTOMATIONS PVT. LTD.

WIPRO LTD.

EMINENT CIO'S OF INDIA

AI AND DATA ANALYTICS REVOLUTIONIZING HEALTHCARE SERVICES

...

AIM TO PUT IA SOLUTIONS WITH A WIDE “GENERAL INTELLIGENCE” SCOPE INTO PRACTICE

Our firm is fortunate to be led by distinguished i...

USING AI & BI OFFERINGS TO ADDRESS CLIENT NEEDS

In the fiscal year 2024-25, Assisto Technologies h...

ICONS OF INDIA

Icons Of India : Anil Kumar Lahoti

Anil Kumar Lahoti, Chairman, Telecom Regulatory Authority of India (TR...

Icons Of India : Girish Mathrubootham

Girish Mathrubootham is the Founder of Freshworks (previously known ...

ICONS OF INDIA : RISHAD PREMJI

Rishad Premji is Executive Chairman of Wipro Limited, a $11.3 billion ...

PARTNER SPEAKERS

Driving digital india with Niveshan Technologies – A Trusted “Saathi”

With a wide array of IT services, from Datacenter Services to Business Continu...

Unwavering Commitment & Communication helping to thrive in the evolving digital landscape

We leverage a comprehensive market intelligence framework and an advanced CRM ...

"Tech Data's Solution-Centric Methodology and Consistent Communication: Enhancing Customer Experience Across All Touchpoints"

Tech Data’s unique value proposition is its solutions aggregation and orches...

PSU

C-DOT - Center of Development of Telematics

India’s premier research and development center focused on telecommu...

NSE - National Stock Exchange

NSE is the leading stock exchange in India....

STPI - Software Technology Parks of India

STPI promotes and facilitates the growth of the IT and ITES industry i...

VIDEOS

Top 25 Brands

Most Trusted Brands 2024 : Samsung Electronics Co. Ltd.

Samsung invests heavily in marketing campaigns to promote...

Most Trusted Brands 2024 : Ingram Micro India

Ingram Micro India’s strong brand connection is built on its distribution ne...

Most Trusted Brands 2024 : Adobe Inc.

Adobe Creative Cloud is a comprehensive suite of desktop and mobile apps for d...

Global Indian industry

Indian Tech Talent Excelling The Tech World - Steve Sanghi, Executive Chair, Microchip

Steve Sanghi, the Executive Chair of Microchip Technology, has been a ...

Indian Tech Talent Excelling The Tech World - Rajiv Ramaswami, President & CEO, Nutanix Technologies

Rajiv Ramaswami, President and CEO of Nutanix, brings over 30 years of...

Indian Tech Talent Excelling The Tech World - Aneel Bhusri, CEO, Workday

Aneel Bhusri, Co-Founder and Executive Chair at Workday, has been a le...

STARNITE AWARDS 2024

ITFORUM 2024

CMO of the Year

WOMEN LEADERSHIP

IMAGE GALLERY

TRENDS IN TECHNOLOGY