Security News > 2021 > May > Critical Cisco SD-WAN, HyperFlex Bugs Threaten Corporate Networks
Cisco has addressed two critical security vulnerabilities in the SD-WAN vManage Software, one of which could allow an unauthenticated attacker to carry out remote code execution on corporate networks or steal information.
The networking giant also disclosed a denial-of-service issue in vManage; and locally exploitable bugs that would allow an authenticated attacker to escalate privileges or gain unauthorized access to applications.
Separately, Cisco patched two vulnerabilities in the Cisco HyperFlex HX platform, one of them rated critical.
Cisco said Wednesday that multiple vulnerabilities in the platform's web-based management interface could allow an unauthenticated, remote attacker to perform command-injection attacks against an affected device.
The second bug rates 7.2 on the CVSS scale, and is due to insufficient validation of user-supplied input, according to Cisco, which added, "A successful exploit could allow the attacker to execute arbitrary commands on an affected device as the tomcat8 user."
In February, Cisco addressed a critical vulnerability in its intersite policy manager software for the Nexus 3000 Series switches and Nexus 9000 Series switches that could allow a remote attacker to bypass authentication.
News URL
https://threatpost.com/critical-cisco-sd-wan-hyperflex-bugs/165923/
Related news
- CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches (source)
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (source)
- Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418) (source)
- Cisco scores a perfect CVSS 10 with critical flaw in its wireless system (source)