Security News > 2020 > March > Cisco Patches Several Vulnerabilities in SD-WAN Solution
Cisco on Wednesday announced that it has patched a total of five vulnerabilities in its SD-WAN solution, including three that have been assigned a "High severity" rating.
The high-severity vulnerabilities - all of them reported to Cisco by Orange Group - are caused by insufficient input validation.
The security holes can impact several Cisco products if they are running an SD-WAN version prior to 19.2.2, including vBond Orchestrator, vEdge routers, vManage network management software, and vSmart controller software.
Julien Legras and Thomas Etrillard of Synacktiv informed Cisco that its SD-WAN vManage software is affected by a SQL injection and a cross-site scripting vulnerability.
Cisco says there is no evidence that these vulnerabilities have been exploited in malicious attacks.