Cisco SD-WAN Security Bug Allows Root Code Execution

Share on linkedin
Share on facebook
Share on twitter

Cisco SD-WAN implementations are vulnerable to a high-severity privilege-escalation vulnerability in the IOS IE operating system that could allow arbitrary code execution.

The bug is an OS command-injection issue, which enables attackers to execute unexpected, dangerous commands directly on the operating system that normally wouldn’t be accessible.

“A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges.”

In January, it fixed multiple, critical buffer-overflow and command-injection SD-WAN bugs, the most serious of which could be exploited by an unauthenticated, remote attacker to execute arbitrary code on the affected system with root privileges.

In May, Cisco addressed two critical security vulnerabilities in the SD-WAN vManage Software, one of which could allow an unauthenticated attacker to carry out remote code execution on corporate networks or steal information.

Just last month, Cisco disclosed two critical security vulnerabilities affecting the IOS XE software and its SD-WAN, the most severe of which would allow unauthenticated RCE and denial-of-service.

Stay on Top of Cyber Threats!

Subscribe to our monthly bulletin to stay updated on major cybersecurity risks.

Follow us on Socials:

Recent Cybersecurity News

CISA Warns of Actively Exploited Critical Zoho ManageEngine ServiceDesk Vulnerability

The U.S. Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency...
Read The Article

Emotet now spreads via fake Adobe Windows App Installer packages

The Emotet malware is now distributed through malicious Windows App Installer packages that...
Read The Article

Critical Wormable Security Flaw Found in Several HP Printer Models

Cybersecurity researchers on Tuesday disclosed multiple security flaws affecting 150 different multifunction printers...
Read The Article

Contact a Specialist

Discover why 1,000+ organizations trust our expertise to improve their cybersecurity.

Stay Updated on Cyber Risks!

Subscribe to the Vumetric Monthly Bulletin to keep up with breaking news in the cybersecurity industry.