Critical Cisco SD-WAN, HyperFlex Bugs Threaten Corporate Networks
2021-05-06 17:54

Cisco has addressed two critical security vulnerabilities in the SD-WAN vManage Software, one of which could allow an unauthenticated attacker to carry out remote code execution on corporate networks or steal information.

The networking giant also disclosed a denial-of-service issue in vManage, as well as locally exploitable bugs that would allow an authenticated attacker to escalate privileges or gain unauthorized access to applications.

Separately, Cisco patched two vulnerabilities in the Cisco HyperFlex HX platform, one of them rated critical.

Cisco said Wednesday that multiple vulnerabilities in the platform's web-based management interface could allow an unauthenticated, remote attacker to perform command-injection attacks against an affected device.

The second bug rates 7.2 on the CVSS scale and is due to insufficient validation of user-supplied input, according to Cisco, which added, "A successful exploit could allow the attacker to execute arbitrary commands on an affected device as the tomcat8 user."

In February, Cisco addressed a critical vulnerability in its intersite policy manager software for the Nexus 3000 Series switches and Nexus 9000 Series switches that could allow a remote attacker to bypass authentication.


News URL

https://threatpost.com/critical-cisco-sd-wan-hyperflex-bugs/165923/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Cisco 4473 234 3120 1860 613 5827