Cisco SD-WAN Security Bug Allows Root Code Execution

2021-10-22 14:48

Cisco SD-WAN implementations are vulnerable to a high-severity privilege-escalation vulnerability in the IOS IE operating system that could allow arbitrary code execution.

The bug is an OS command-injection issue, which enables attackers to execute unexpected, dangerous commands directly on the operating system that normally wouldn't be accessible.

"A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges."

In January, it fixed multiple, critical buffer-overflow and command-injection SD-WAN bugs, the most serious of which could be exploited by an unauthenticated, remote attacker to execute arbitrary code on the affected system with root privileges.

In May, Cisco addressed two critical security vulnerabilities in the SD-WAN vManage Software, one of which could allow an unauthenticated attacker to carry out remote code execution on corporate networks or steal information.

Just last month, Cisco disclosed two critical security vulnerabilities affecting the IOS XE software and its SD-WAN, the most severe of which would allow unauthenticated RCE and denial-of-service.

News URL

https://threatpost.com/cisco-sd-wan-bug-code-execution-root/175669/

#codeexecution #WAN #security #sdwan #root #cisco

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Cisco		4442	231	3052	1816	604	5703

News URL

Related news

Related vendor