Security News > 2021 > January > Cisco fixes critical pre-auth bugs in SD-WAN, cloud license manager

Cisco has released security updates to address pre-auth remote code execution vulnerabilities affecting multiple SD-WAN products and the Cisco Smart Software Manager software.

Unauthenticated attackers can remotely exploit buffer overflow and command injection bugs to execute arbitrary code or to run arbitrary commands on the underlying operating system of devices running vulnerable releases of SD-WAN and Cisco Smart Software Manager Satellite software.

Pre-auth RCE vulnerabilities affecting Cisco's cloud licensing manager are tracked as CVE-2021-1138, CVE-2021-1140, and CVE-2021-1142.

Cisco has fixed them in versions 6.3.0 and later and has renamed Cisco Smart Software Manager Satellite to Cisco Smart Software Manager On-Prem.

Cisco today also addressed critical command injection vulnerabilities impacting SD-WAN products and the Command Runner tool of Cisco DNA Center.

In November, the company also patched multiple pre-authentication vulnerabilities with public exploits in the Cisco Security Manager exposing affected devices to remote code execution attacks.

News URL

https://www.bleepingcomputer.com/news/security/cisco-fixes-critical-pre-auth-bugs-in-sd-wan-cloud-license-manager/