Security News > 2021 > May > Critical Cisco SD-WAN, HyperFlex Bugs Threaten Corporate Networks

Critical Cisco SD-WAN, HyperFlex Bugs Threaten Corporate Networks
2021-05-06 17:54

Cisco has addressed two critical security vulnerabilities in the SD-WAN vManage Software, one of which could allow an unauthenticated attacker to carry out remote code execution on corporate networks or steal information.

The networking giant also disclosed a denial-of-service issue in vManage; and locally exploitable bugs that would allow an authenticated attacker to escalate privileges or gain unauthorized access to applications.

Separately, Cisco patched two vulnerabilities in the Cisco HyperFlex HX platform, one of them rated critical.

Cisco said Wednesday that multiple vulnerabilities in the platform's web-based management interface could allow an unauthenticated, remote attacker to perform command-injection attacks against an affected device.

The second bug rates 7.2 on the CVSS scale, and is due to insufficient validation of user-supplied input, according to Cisco, which added, "A successful exploit could allow the attacker to execute arbitrary commands on an affected device as the tomcat8 user."

In February, Cisco addressed a critical vulnerability in its intersite policy manager software for the Nexus 3000 Series switches and Nexus 9000 Series switches that could allow a remote attacker to bypass authentication.


News URL

https://threatpost.com/critical-cisco-sd-wan-hyperflex-bugs/165923/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Cisco 2046 21 1773 1669 288 3751