Networking company Cisco disclosed five security flaws in the SD-WAN vManage Software, with one having a CVSS vulnerability-severity score of 9.8 out of 10 and which enables remote attackers to perform remote code execution attacks, according to Threatpost.
Among the vulnerabilities discovered in SD-WAN vManage, CVE-2021-1468 is reportedly caused by improper authentication checks on user-provided inputs on an application messaging service, which allows threat actors to submit malicious input that enable them to perform privileged actions such as creating new administrator-level accounts. Another flaw, CVE-2021-1505, is a local privilege-escalation bug that allows unauthorized people to gain elevated privileges inside a system. A third vulnerability allows denial-of service attacks to be performed by sending a large number of API requests to a target system. All identified vulnerabilities were reported to have been addressed through an update.
Meanwhile, Cisco said it also addressed two vulnerabilities in the Cisco HyperFlex software for managing hybrid IT environments, including a critical flaw that is caused by “insufficient validation of user-supplied input” and could allow hackers to perform commands on affected devices as a root user.
Among the vulnerabilities discovered in SD-WAN vManage, CVE-2021-1468 is reportedly caused by improper authentication checks on user-provided inputs on an application messaging service, which allows threat actors to submit malicious input that enable them to perform privileged actions such as creating new administrator-level accounts. Another flaw, CVE-2021-1505, is a local privilege-escalation bug that allows unauthorized people to gain elevated privileges inside a system. A third vulnerability allows denial-of service attacks to be performed by sending a large number of API requests to a target system. All identified vulnerabilities were reported to have been addressed through an update.
Meanwhile, Cisco said it also addressed two vulnerabilities in the Cisco HyperFlex software for managing hybrid IT environments, including a critical flaw that is caused by “insufficient validation of user-supplied input” and could allow hackers to perform commands on affected devices as a root user.