Security News

Cisco SD-WAN Buffer Overflow Vulnerabilities: Systems running the Cisco SD-WAN software - such as SD-WAN vEdge Routers - can be exploited "By sending crafted IP traffic through an affected device, which may cause a buffer overflow when the traffic is processed." A successful attack can result in the execution of arbitrary code on the underlying operating system with root privileges, which means you basically hand over the gear to a stranger. Cisco SD-WAN Command Injection Vulnerabilities: These can be exploited by authenticated users to gain root-level privileges on a system running the vulnerable software.

Cisco this week released patches to address a significant number of vulnerabilities across its product portfolio, including several critical flaws in SD-WAN products, DNA Center, and Smart Software Manager Satellite. Several command injection bugs addressed in SD-WAN products could allow an attacker to perform actions as root on the affected devices, the most important of which is rated critical severity, featuring a CVSS score of 9.9.

Cisco is warning of multiple, critical vulnerabilities in its software-defined networking for wide-area networks solutions for business users. Three critical flaws were found in Cisco smart software manager satellite, which offers businesses real-time visibility and reporting of their Cisco licenses.

Cisco has released security updates to address pre-auth remote code execution vulnerabilities affecting multiple SD-WAN products and the Cisco Smart Software Manager software. Unauthenticated attackers can remotely exploit buffer overflow and command injection bugs to execute arbitrary code or to run arbitrary commands on the underlying operating system of devices running vulnerable releases of SD-WAN and Cisco Smart Software Manager Satellite software.

As per the report by PMR, the global SD-WAN market is projected to grow rapidly and reach a valuation of $53 billion by the end of 2030. Worldwide SD-WAN market The appliances segment in the SD-WAN market is expected to gain significant share, owing to increasing adoption of cloud platforms.

Versa Networks announced a new capability connecting Versa Secure SD-WAN, on-premises, and cloud branches with applications and resources in Amazon Web Services using the new high-performance AWS Transit Gateway Connect feature, an AWS Transit Gateway attachment type that enables AWS customers to connect third-party SD-WAN hubs and network virtual appliances with AWS Transit Gateway. Versa Director now integrates with AWS Transit Gateway Connect APIs to deliver an automated, one-click solution for connecting Versa Secure SD-WAN, on-premises and multi-cloud branch locations to each other and with Amazon VPCs. Versa customers can now easily connect Versa Secure SD-WAN with AWS Transit Gateway for a high-performance and simplified connection between their branch offices, applications and resources in Amazon VPCs. The native integration with AWS Transit Gateway Connect allows customers to deploy high-bandwidth Versa Cloud Gateways in AWS leveraging the Versa centralized management and orchestration.

Due to the rising adoption of IoT and the growing utilization of big data, the valuation of the global SD-WAN market is predicted to increase from $1.4 billion to $43 billion from 2019 to 2030. Between the solution and service categories, under the offering segment of the SD-WAN market, the former is expected to register higher revenue growth in the market in the coming years.

Researchers at cybersecurity consulting firm Realmode Labs have identified vulnerabilities in SD-WAN products from Silver Peak, Cisco, Citrix and VMware, including potentially serious flaws that can be exploited to steer traffic or completely shut down an organization's network. Realmode Labs has published four blog posts this month describing the vulnerabilities found by Ariel Tempelhof and Yaar Hahn in SD-WAN solutions from VMware, Cisco, Citrix and Silver Peak, which HP acquired earlier this year.

VMware has patched critical vulnerabilities affecting its ESXi enterprise-class hypervisor and has released a security update for its SD-WAN Orchestrator, plugging a handful of serious security holes. Vulnerabilities in ESXi hypervisor exploited during a hacking competition.

VMware on Wednesday patched a total of six vulnerabilities in its SD-WAN Orchestrator product, including flaws that can be chained by an attacker to steer traffic or shut down an enterprise network. Three of the vulnerabilities were reported to VMware by Israel-based cybersecurity consulting firm Realmode Labs.