Cisco has a fix for a critical vulnerability in its SD-WAN Solution that could allow an attacker to perform arbitrary code execution.

The vulnerability is a result of improper bounds checking by the vContainer.

The issue could allow an attacker to send a malicious file that causes a buffer overflow on the vContainer, creating the conditions for arbitrary code execution as root, the company said in its advisory.

Cisco vSmart Controllers running an SD-WAN Solution release prior to 18.4.0 suffer from the issue.

To get the fix, a user needs to notify Cisco. Right now there is no fixed software to download.

The company said it is not aware of any exploitation, and the vulnerability was found during internal testing.

In another vulnerability, Trend Micro’s Zero Day Initiative found a hole that allowed for arbitrary command execution within the Webex Teams client, Cisco said.

This vulnerability is a result of unsafe search paths used by the application URI defined in Windows operating systems, Cisco said.

An attacker could run commands with the same privileges as the targeted user.

The vulnerability impacts all versions of Cisco Webex Teams earlier than version 3.0.10260 released in November.
