Cisco has a fix for a critical vulnerability in its SD-WAN Solution that could allow an attacker to perform arbitrary code execution.
The vulnerability is a result of improper bounds checking by the vContainer.
The issue could allow attackers to send malicious files that could cause a buffer overflow on the vContainer, creating conditions for arbitrary code execution as root, the company said in its advisory.
Cisco vSmart Controllers running an SD-WAN Solution release prior to 18.4.0 are affected.
To get the fix, a user needs to notify Cisco. Right now there is no fixed software to download.
The company said it is not aware of any exploitation, and the vulnerability was found during internal testing.
In another vulnerability, Trend Micro’s Zero Day Initiative found a hole that allowed for arbitrary command execution within the Webex Teams client, Cisco said.
This vulnerability is a result of unsafe search paths used by the application URI defined in Windows operating systems, Cisco said.
An attacker could run commands with the same privileges as the targeted user.
The vulnerability impacts all versions of Cisco Webex Teams earlier than version 3.0.10260 released in November.