Security News > 2021 > April > Cisco Patches Critical Flaw in SD-WAN vManage
Cisco this week announced patches for tens of vulnerabilities across its product portfolio, including a critical severity issue impacting the SD-WAN vManage software.
Tracked as CVE-2021-1479 with a CVSS score of 9.8, the critical bug exists because of improper validation of user-supplied input and could allow an attacker to trigger a buffer overflow by sending a crafted connection request to the remote management component of SD-WAN vManage.
In an advisory, Cisco notes that affected products include IOS XE SD-WAN software, SD-WAN cEdge routers, SD-WAN vBond Orchestrator software, SD-WAN vEdge routers, and SD-WAN vSmart Controller software.
Separately, Cisco announced that it would not release patches for a critical.
"Cisco has not released and will not release software updates to address the vulnerability described in this advisory. The Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers have entered the end-of-life process," the company announced.
Cisco also published advisories to detail medium severity flaws patched in IOS XR software, Webex Meetings for Android, Webex Meetings, Cisco Umbrella, Dual WAN Gigabit VPN routers, Unified Intelligence Center software, Unified CM and Unified CM SME. Details on each of the addressed vulnerability can be found on Cisco's support.
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-08 | CVE-2021-1479 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Catalyst Sd-Wan Manager and Sd-Wan Vmanage Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. | 9.8 |