Security News > 2021 > January > Cisco Patches Critical Vulnerabilities in SD-WAN, DNA Center, SSMS Products
Cisco this week released patches to address a significant number of vulnerabilities across its product portfolio, including several critical flaws in SD-WAN products, DNA Center, and Smart Software Manager Satellite.
Several command injection bugs addressed in SD-WAN products could allow an attacker to perform actions as root on the affected devices, the most important of which is rated critical severity, featuring a CVSS score of 9.9.
A critical vulnerability addressed in DNA Center could be exploited to perform command injection attacks.
Cisco DNA Center releases prior to version 1.3.1.0 are affected.
Cisco Smart Software Manager On-Prem releases 6.3.0 and later contain fixes for all of these flaws.
This week, the company also released patches for multiple other high- and medium-severity flaws in SD-WAN, DNA Center, Data Center Network Manager, SSMS, Advanced Malware Protection for Endpoints for Windows and Immunet for Windows, Web Security Appliance, Umbrella, Unified Communications products, Elastic Services Controller, Email Security Appliance, Content Security Management Appliance, and StarOS. Information on all of the addressed vulnerabilities can be found on Cisco's security portal.
News URL
Related news
- Cisco warns of critical RCE zero-days in end of life IP phones (source)
- Volt Typhoon suspected of exploiting Versa SD-WAN bug since June (source)
- Cisco Fixes Two Critical Flaws in Smart Licensing Utility to Prevent Remote Attacks (source)
- Ivanti fixes critical vulnerabilities in Endpoint Management (CVE-2024-29847) (source)