Security News > 2021 > January > Critical Cisco SD-WAN Bugs Allow RCE Attacks
![Critical Cisco SD-WAN Bugs Allow RCE Attacks](/static/build/img/news/critical-cisco-sd-wan-bugs-allow-rce-attacks-medium.jpg)
Cisco is warning of multiple, critical vulnerabilities in its software-defined networking for wide-area networks solutions for business users.
Three critical flaws were found in Cisco smart software manager satellite, which offers businesses real-time visibility and reporting of their Cisco licenses.
These flaws, which rank 9.8 out of 10 on the CVSS scale, stem from the Cisco smart software manager satellite's web user interface and could allow an unauthenticated, remote attacker to execute arbitrary commands as a high-privileged user on an affected device.
The flaws affect Cisco Smart Software Manager Satellite releases 5.1.0 and earlier; fixes are available in the Cisco Smart Software Manager On-Prem releases 6.3.0 and later.
Another critical-severity flaw was found in the Command Runner tool of Cisco DNA Center, which is Cisco's network management and command center.
"A successful exploit could allow the attacker to execute arbitrary CLI commands on devices managed by Cisco DNA Center," according to Cisco.
News URL
https://threatpost.com/critical-cisco-sd-wan-bugs-rce-attacks/163204/
Related news
- Over 50,000 Tinyproxy servers vulnerable to critical RCE flaw (source)
- Critical Git vulnerability allows RCE when cloning repositories with submodules (CVE-2024-32002) (source)
- TP-Link fixes critical RCE bug in popular C5400X gaming router (source)
- London hospitals left in critical condition after ransomware attack (source)
- PHP fixes critical RCE flaw impacting all versions for Windows (source)
- Critical RCE flaws in vCenter Server fixed (CVE-2024-37079, CVE-2024-37080) (source)
- VMware fixes critical vCenter RCE vulnerability, patch now (source)
- Week in review: CDK Global cyberattack, critical vCenter Server RCE fixed (source)
- Critical RCE Vulnerability Discovered in Ollama AI Infrastructure Tool (source)
- Prompt Injection Flaw in Vanna AI Exposes Databases to RCE Attacks (source)