Security News > 2020 > March > Cisco Warns of High-Severity SD-WAN Flaws
If exploited, the flaws could enable bad actors to execute commands with root privileges on affected systems.
The three flaws are located in various Cisco hardware and software products running the company's SD-WAN software earlier than Release 19.2.2.
The flaw ranks 7.1 out of 10.0 on the CVSS scale, or high severity.
The final high-severity flaw is a privilege escalation flaw in the SD-WAN software that could allow authenticated, local attackers to elevate privileges - ultimately gaining "Root-level" privileges on the underlying operating system.
Cisco has previously issued patches for several critical- and high-severity vulnerabilities in its SD-WAN software, including a critical privilege-escalation flaw existing in CLI in June, and a high-severity flaw in the SD-WAN software in January.