Critical bugs found in Cisco SD-WAN software

Cisco has issued patches for multiple flaws in its SD-WAN products that could allow unauthennticated remote threat actors to attack vulnerable devices.

The network equipment vendor said one buffer overflow vulnerability that lets unauthenticated attackers run arbitrary code with root superuser privileges is due to incorrect handling of internet protocol traffic.

By sending specially crafted IP traffic through a vulnerable device, attackers could trigger a buffer overflow in the software, Cisco warned.

The flaw has a Common Vulnerabilities Scoring System rating of 9.8 out of 10.

Another buffer overrflow condition in Cisco's SD-WAN NETCONF subsystem lets authenticated remote attackers send specially crafted files to vulnerable devices, resulting in a denial of service condition.

That flaw is rated CVSS 6.5 out of 10.

Several command injection vulnerabilities were also found in Cisco SD-WAN software.

The most serious with a CVSS rating of 9.9 out fo 10 affects the vManage software, which does not properly validate user input to device template configuration.

Exploiting that vulnerability could allow attackers to gain root access on vulnerabie devices.

The vulnerabilites are found on the following products:

IOS XE SD-WAN Software
SD-WAN vBond Orchestrator Software
SD-WAN vEdge Cloud Routers
SD-WAN vEdge Routers
SD-WAN vManage Software
SD-WAN vSmart Controller Software

Cisco has issued patches for the above.

Another set of vulnerabilities affect the web user interface in Cisco Smart Software Manager Satellite releases 5.1.0 and earlier.

One which is rated CVSS 9.8 and considered critical can be exploited by remote, unauthenticated attackers to run arbitrary commands on vulnerable devices simply by sending HTTP requests.