Cisco Patched Multiple Security Vulnerabilities In SD-WAN Solution

  • 125
  •  
  •  
  • 1
  •  
  •  
  •  
    126
    Shares

Cisco has recently rolled out fixes for multiple vulnerabilities found in its SD-WAN Solution. These include one critical and numerous high severity vulnerabilities. Cisco found these vulnerabilities during internal security testing procedures.

Critical Vulnerability Patched In SD-WAN Solution

Reportedly, Cisco has rolled out a fix for a critical security flaw in its SD-WAN Solution. The flaw mainly existed in SD-Wan Solution’s vContainer that could allow an attacker to execute arbitrary codes remotely on the target device, and create DoS state.

As described in Cisco’s advisory,

 “The vulnerability is due to improper bounds checking by the vContainer. An attacker could exploit this vulnerability by sending a malicious file to an affected vContainer instance. A successful exploit could allow the attacker to cause a buffer overflow condition on the affected vContainer, which could result in a DoS condition that the attacker could use to execute arbitrary code as the root user.”

The vulnerability has received CVE number CVE-2019-1651 and has been deemed critical with a CVSS base score of 9.9.

Multiple High-Severity Flaws Also Fixed

The firm has also released fixes for multiple high-severity security flaws in SD-WAN Solution. These include multiple privilege escalation vulnerabilities (CVE-2019-1646) that could let a local attacker modify configuration files by elevating privileges.

In addition, the other vulnerabilities receiving fixes include unauthorized access vulnerabilities (CVE-2019-1647) allowing an adjacent attacker to bypass authentication, another privilege escalation vulnerability (CVE-2019-1648) giving root level privileges to a local attacker, and an arbitrary file overwrite vulnerability (CVE-2019-1650) giving root level privileges to a remote attacker.

All these vulnerabilities affected Cisco SD-WAN Solution versions before the release 18.4.0. Cisco confirmed no wild exploits of any of these vulnerabilities.

In the previous week as well, Cisco announced about a critical vulnerability in Small Business Switches that could allow an unauthorized attacker to bypass user authentication. Until now, Cisco has not released any fixes for this vulnerability. Rather they have simply asked the users to keep configured at least one level 15 privilege account so that the default account remains deactivated.

The following two tabs change content below.
Avatar

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]
Avatar

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Do NOT follow this link or you will be banned from the site!