Cisco has released security updates to address pre-auth remote code execution (RCE) vulnerabilities affecting multiple SD-WAN products and the Cisco Smart Software Manager software.
SD-WAN are software products that help manage wide-area networks (WAN) while Smart Software Manager is a cloud-based management solution for Cisco licenses.
Unauthenticated attackers can remotely exploit buffer overflow and command injection bugs to execute arbitrary code or to run arbitrary commands on the underlying operating system of devices running vulnerable releases of SD-WAN and Cisco Smart Software Manager Satellite software.
Also Read: Letter of Consent MOM: Getting the Details Right
Releases of Cisco SD-WAN Software vulnerable to pre-auth RCE attacks designed to exploit CVE-2021-1300 include:
Pre-auth RCE vulnerabilities affecting Cisco’s cloud licensing manager are tracked as CVE-2021-1138, CVE-2021-1140, and CVE-2021-1142. They affect Cisco Smart Software Manager Satellite releases 5.1.0 and earlier.
Cisco has fixed them in versions 6.3.0 and later and has renamed Cisco Smart Software Manager Satellite to Cisco Smart Software Manager On-Prem.
“The vulnerabilities are not dependent on one another,” Cisco explains. “Exploitation of one of the vulnerabilities is not required to exploit the other vulnerability.”
“In addition, a software release that is affected by one of the vulnerabilities may not be affected by the other vulnerability,” Cisco added.
Luckily, “[t]he Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.”
These vulnerabilities were found by Cisco security researchers during internal security testing of affected products.
Cisco today also addressed critical command injection vulnerabilities impacting SD-WAN products and the Command Runner tool of Cisco DNA Center.
Also Read: CCTV Law Singapore Edition: Know Your Rights and Responsibilities
In November, the company also patched multiple pre-authentication vulnerabilities with public exploits in the Cisco Security Manager exposing affected devices to remote code execution attacks.
Importance of Efficient Access Controls that every Organisation in Singapore should take note of. Enhancing…
Prioritizing Security Measures When Launching a Webpage That Every Organisation in Singapore should take note…
Importance of Regularly Changing Passwords for Enhance Online Security that every Organisation in Singapore should…
Comprehensive Approach to Data Protection and Operational Integrity that every Organsiation in Singapore should know…
Here's the importance of Pre-Launch Testing in IT Systems Implementation for Organisations in Singapore. The…
Understanding Liability in IT Vendor Relationships that every Organisation in Singapore should look at. Understanding…
This website uses cookies.
