. home.aspx

NEWS

home.aspx
   


Cisco Issues Patches for Several SD-WAN Software Vulnerabilities

January 28, 2019 / Ali Longwell

Cisco released patches for new security vulnerabilities in its SD-WAN software. In total, Cisco found four vulnerabilities within its Viptela-based SD-WAN solution. The most critical vulnerability was discovered in the vContainer of the SD-WAN that would allow an authenticated, remote attacker to cause a denial of service (DoS) condition and allow them to execute as the root user. This affects the Cisco-hosted vContainer software running on Cisco SD-WAN versions prior to release 18.4.0. According to Cisco’s advisory report, “the vulnerability is due to improper bounds checking by the vContainer. An attacker could exploit this vulnerability by sending a malicious file to an affected vContainer instance.” The vendor has already deployed the fixed software updates that address the flaw. Cisco also deployed patches for three other flaws in its SD-WAN software. These were each marked as “high impact.”