Vulnerabilities in Cisco SD-WAN vManage Software
Some of the vulnerabilities affect the company’s SD-WAN vManage software. “Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application,” the official advisory says.
Affected products include:
- IOS XE SD-WAN Software
- SD-WAN cEdge Routers
- SD-WAN vBond Orchestrator Software
- SD-WAN vEdge Routers
- SD-WAN vSmart Controller Software
Here is a list of the vulnerabilities:
- CVE-2021-1468 in Cisco SD-WAN vManage Cluster Mode which is described as an unauthorized message processing vulnerability;
- CVE-2021-1505 in Cisco SD-WAN vManage Cluster Mode which is a privilege escalation security flaw;
- CVE-2021-1508 in Cisco SD-WAN vManage Cluster Mode which could allow unauthorized access;
- CVE-2021-1275 in Cisco SD-WAN vManage which could create a denial- of-service condition;
- CVE-2021-1506 in Cisco SD-WAN vManage Cluster Mode which is described as an unauthorized services access vulnerability.
Cisco HyperFlex HX Command Injection Security Flaws
These are not the only security loopholes that the network giant addressed this week. The company also fixed a number of vulnerabilities in the web-based management interface of Cisco HyperFlex HX that could allow an unauthenticated, remote attacker to carry out command injection attacks.
What products are affected? Devices that are are running a vulnerable release of Cisco HyperFlex HX Software.
Here’s a list of the Cisco HyperFlex HX flaws:
- CVE-2021-1497 in Cisco HyperFlex HX Installer Virtual Machine is a command injection vulnerability;
- CVE-2021-1498 in Cisco HyperFlex HX Data Platform is also a command injection issue.
There are no reports that any of the vulnerabilities described above are exploited in the wild. Users are advised to apply the available patches as soon as possible to avoid any issues.