Cisco warns on critical security vulnerabilities in SD-WAN software, so update now
Cisco has warned its users to update networking software immediately due to four severe flaws affecting the Smart Software Manager Satellite, and SD-WAN DNA. SD-WAN has three critical command injection vulnerabilities with a collective score of 9.9 out of 10. Vulnerabilities of this nature require immediate action. According to Cisco, the flaws can be combined to allow an unauthorized threat actor to launch a command injection attack against a compromised device.
The severity rating is also partially due to the impact in which a successful hack exploiting the SD-WAN flaws would have. The attacker would be granted root privileges on the device and be able to take certain actions. This may mean deleting or adding files or documents. The issue affects many different Cisco offerings, such as the SD-WAN vBond Orchestrator Software, vEdge Cloud Routers, and vSmart Controller Software.