
Critical Flaws Hit Cisco SD-WAN vManage and HyperFlex Software
2021-05-06 18:50

Networking equipment major Cisco has rolled out software updates to address multiple critical vulnerabilities impacting HyperFlex HX and SD-WAN vManage Software that could allow an attacker to perform command injection attacks, execute arbitrary code, and gain access to sensitive information.

The HyperFlex HX command injection vulnerabilities, tracked as CVE-2021-1497 and CVE-2021-1498, affect all Cisco devices running HyperFlex HX software versions 4.0, 4.5, and those prior to 4.0.

Arising due to insufficient validation of user-supplied input in the web-based management interface of Cisco HyperFlex HX Data Platform, the flaws could enable an unauthenticated, remote attacker to perform a command injection attack against a vulnerable device.
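The flaw class the advisory describes (CWE-78, user-supplied input reaching an OS command) as an added example that is not Cisco's code: a hypothetical "ping host" action of a web management interface, with the vulnerable string-building pattern beside a hardened allowlist-plus-argv version, and a helper that approximates how a POSIX shell would split the resulting command. Function names and inputs are constructed for illustration.

```python
import re
import shlex

# Constructed example, not code from the Cisco advisory: a "ping host" action
# such as a web-based management interface might expose.

# RFC 1123-style hostname: labels of letters, digits and hyphens with no leading
# or trailing hyphen, so shell metacharacters and leading "-" options are rejected.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(rf"{_LABEL}(?:\.{_LABEL})*")

SHELL_SEPARATORS = {";", "&&", "||", "|", "&"}


def vulnerable_ping_command(host: str) -> str:
    """CWE-78 pattern: the request parameter is pasted into a shell command
    string. Returned instead of executed so the example runs offline."""
    return f"ping -c 1 {host}"


def shell_commands(cmd: str) -> list[list[str]]:
    """Approximate how a POSIX shell would split `cmd`: one argv list per command.
    More than one entry means the user input introduced an extra command."""
    lex = shlex.shlex(cmd, posix=True, punctuation_chars=True)
    commands, current = [], []
    for tok in lex:
        if tok in SHELL_SEPARATORS:
            if current:
                commands.append(current)
            current = []
        else:
            current.append(tok)
    if current:
        commands.append(current)
    return commands


def is_valid_hostname(host: str) -> bool:
    return len(host) <= 253 and HOSTNAME_RE.fullmatch(host) is not None


def hardened_ping_argv(host: str) -> list[str]:
    """Hardened form: strict allowlist validation, then an argv list suitable for
    subprocess.run(argv) with no shell, so metacharacters are never interpreted."""
    if not is_valid_hostname(host):
        raise ValueError(f"rejected host parameter: {host!r}")
    return ["ping", "-c", "1", host]
```

The argv list alone removes the shell from the path; the hostname allowlist adds defence in depth against option injection (a value starting with "-") that a shell-free call would otherwise pass straight to the binary.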

Cisco also squashed five glitches affecting SD-WAN vManage Software that could permit an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application.

Nikita Abramov and Mikhail Klyuchnikov of Positive Technologies have been credited with reporting the HyperFlex HX flaws, whereas four of the SD-WAN vManage bugs were identified during internal security testing, with CVE-2021-1275 uncovered during the resolution of a Cisco Technical Assistance Center support case.

VMware on Wednesday released patches to fix a critical severity flaw in vRealize Business for Cloud 7.6 that enables unauthenticated attackers to execute malicious code on vulnerable servers remotely.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/-BIP1Yle3j8/critical-flaws-hit-cisco-sd-wan-vmanage.html

Related Vulnerability

DATE        CVE            VULNERABILITY TITLE
2021-05-06  CVE-2021-1498  OS Command Injection vulnerability in Cisco Hyperflex HX Data Platform
    Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device.
    Risk: critical, 9.8 | attack vector: network, low complexity | vendor: cisco | CWE-78

2021-05-06  CVE-2021-1497  OS Command Injection vulnerability in Cisco Hyperflex HX Data Platform 4.0(2A)
    Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device.
    Risk: critical, 9.8 | attack vector: network, low complexity | vendor: cisco | CWE-78

2021-05-06  CVE-2021-1275  Resource Exhaustion vulnerability in Cisco Catalyst Sd-Wan Manager and Sd-Wan Vmanage
    Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application.
    Risk: 7.5 | attack vector: network, low complexity | vendor: cisco | CWE-400

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Cisco 4473 234 3120 1860 613 5827