
Cisco Fixes Multiple Critical Flaws in SD-WAN vManage Software (CVE-2021-1468)

Another set of patches addressing critical security vulnerabilities was just released by Cisco.

Vulnerabilities in Cisco SD-WAN vManage Software

Some of the vulnerabilities affect the company’s SD-WAN vManage software. “Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application,” the official advisory says.




Affected products include:

  • IOS XE SD-WAN Software
  • SD-WAN cEdge Routers
  • SD-WAN vBond Orchestrator Software
  • SD-WAN vEdge Routers
  • SD-WAN vSmart Controller Software

Here is a list of the vulnerabilities:

  • CVE-2021-1468 in Cisco SD-WAN vManage Cluster Mode which is described as an unauthorized message processing vulnerability;
  • CVE-2021-1505 in Cisco SD-WAN vManage Cluster Mode which is a privilege escalation security flaw;
  • CVE-2021-1508 in Cisco SD-WAN vManage Cluster Mode which could allow unauthorized access;
  • CVE-2021-1275 in Cisco SD-WAN vManage which could create a denial-of-service condition;
  • CVE-2021-1506 in Cisco SD-WAN vManage Cluster Mode which is described as an unauthorized services access vulnerability.

Cisco HyperFlex HX Command Injection Security Flaws

These are not the only security loopholes that the network giant addressed this week. The company also fixed a number of vulnerabilities in the web-based management interface of Cisco HyperFlex HX that could allow an unauthenticated, remote attacker to carry out command injection attacks.
What products are affected? Devices that are running a vulnerable release of Cisco HyperFlex HX Software.

Here’s a list of the Cisco HyperFlex HX flaws:

  • CVE-2021-1497 in Cisco HyperFlex HX Installer Virtual Machine is a command injection vulnerability;
  • CVE-2021-1498 in Cisco HyperFlex HX Data Platform is also a command injection issue.

There are no reports that any of the vulnerabilities described above are being exploited in the wild. Users are advised to apply the available patches as soon as possible to avoid any issues.

Milena Dimitrova
