Security News > 2021 > April > Cisco fixes bug allowing remote code execution with root privileges
Cisco has released security updates to address a critical pre-authentication remote code execution vulnerability affecting SD-WAN vManage Software's remote management component.
The company fixed two other high-severity security vulnerabilities in the user management and system file transfer functions of the same product allowing attackers to escalate privileges.
Cisco has addressed them in the 20.4.1, 20.3.3, and 19.2.4 security updates published today and advises customers to migrate to a fixed release as soon as possible.
Affected Cisco SD-WAN vManage releases First fixed release 18.4 and earlier Migrate to a fixed release.
Today, Cisco also disclosed a critical RCE vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W routers.
The company fixed another pre-auth RCE vulnerability affecting Cisco SD-WAN Software products in January 2021, enabling attackers to execute arbitrary code with root privileges after exploitation.