Security News > 2020 > March > Cisco issues urgent fixes for SD-WAN router flaws

Cisco issues urgent fixes for SD-WAN router flaws
2020-03-23 12:51

Cisco has patched a clutch of high-priority vulnerabilities in its SD-WAN routers and their management software that admins will want to apply as soon as possible.

The latter is a privilege escalation vulnerability in the SD-WAN management software used with a range of Cisco routers, including the vEdge 100 Series, 1000 Series, 2000 Series, 5000 Series, and Cloud Router.

CVE-2020-3265, another privilege escalation issue affecting the same products, rated high that could allow a "Local attacker to elevate privileges to root on the underlying operating system."

For all products, the solution is to upgrade to vManage version 19.2.2, although how this is done varies slightly from router to router.

The fixes follow a big round from earlier this month affecting Cisco's WebEx conferencing software that admins won't want to skip given the increased demand for this service right now.


News URL

https://nakedsecurity.sophos.com/2020/03/23/cisco-issues-urgent-fixes-for-sd-wan-router-flaws/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2020-03-19 CVE-2020-3265 Improper Privilege Management vulnerability in Cisco Sd-Wan Firmware
A vulnerability in Cisco SD-WAN Solution software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system.
local
low complexity
cisco CWE-269
7.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Cisco 2046 21 1773 1669 288 3751