MY BRAND BOOK Cisco hits another SD-WAN bug

Cisco hits another SD-WAN bug

By MYBRANDBOOK

Cisco has patched a high-severity vulnerability affecting routers running the company’s popular SD-WAN software. The vulnerability is caused by insufficient input validation stemming from the command line interface (CLI) of Cisco’s IOS XE SD-WAN software. If exploited, the bug could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges.

The vulnerability affects several routers running the software including both 1000 series Aggregation and Integrated Services Routers (ISR), 4000 series ISRs, and Cloud Services Router 1000v Series.

Cisco reports, “An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI utility”. However, the company notes that the attacker would have had to be authenticated to access the CLI utility.

Cisco has also confirmed that the bug does not affect its IOS, IOS XE, vBond, vEdge, vManage, or vSmart software suites. While Cisco says it is not aware of any malicious use of the vulnerability, with 20,000 customers around the world using Cisco’s Viptela and Meraki SD-WAN offerings, the vulnerability remains notable.

The latest bug comes after the company patched three high-impact and two medium-impact vulnerabilities affecting its routers and SD-WAN management, orchestration, and controller software, in late March.

Similar to this week’s patch, the first two bugs would have allowed an authenticated, local attacker to gain root-level privileges on the operating system. The third high-impact bug would have allowed a local attacker to trigger a buffer overflow on an effected device in order to gain control.

The medium-impact vulnerabilities were discovered in Cisco’s SD-WAN vManage web user interface, which would have allowed an attacker to conduct a cross-site scripting attack against the user. The second medium-threat bug would have enabled SQL injection attacks on the affected system.

BREAKING NEWS

Cisco announces AI-native secure Wi-Fi 7 for future-ready employe...

Announcing a major leap in wireless technology, Cisco has launched its Wi...

The BSE benchmark Sensex tumbled over 800 points, leaving investo...

The BSE benchmark Sensex recently experienced a significant drop, tumblin...

North Korean GPS Interference Disrupts Air Traffic...

South Korea's military has publicly accused North Korea of disrupting GP...

US ordered TSMC to halt chip shipments to China...

TSMC has had regular discussions with the government on export control issu...

TECHNO TRENDS

Nazara and ONDC set to transform in-game monetization with ‘

Nazara Technologies has teamed up with the Open Network for Digital Comme...

Jio Platforms and NICSI to offer cloud services to government

In a collaborative initiative, the National Informatics Centre Services In...

BSNL awards ₹5,000 Cr Project to RVNL-Led Consortium

A syndicate led by Rail Vikas Nigam Limited (abbreviated as RVNL), along wi...

Pinterest tracks users without consent, alleges complaint

A recent complaint alleges that Pinterest, the popular image-sharing platf...

E-Magazine

TECHNOTAINMENT

Eloelo teams up with Elvish Yadav for India's biggest digital

Netflix adds 'Moments' feature for saving, sharing scenes from

Netflix has introduced a new “Moments” feature on its mobile app, whic

Jacqueline Fernandez come together with YouTuber Mr. Beast for

Jacqueline Fernandez has partnered with American YouTuber Mr. Beast to b

MOVERS & SHAKERS

Kamal Nath quits SIFY Technologies

Visa elevates Rishi Chhabra as new Country Manager for India

Rishi holds a Master’s in Industrial Engineering from The Ohio State Univ

Genesys welcomes Albert Nel as Senior VP and Regional Sales Le

Genesys continues to deepen its investment in the APAC region. Earlier this

OPEN YOUR EYES

600% increase in malicious emails during Covid-19 crisis

Chinese Investments targets start-ups to scale up in India

No road block for the cyber espionage cases

The demand for touch-less services are on huge demand

The rising risk of insider threats in the remote workforce

INTERVIEWS

Alcatel-Lucent Enterprise Carrying a 100 year legacy ahead

In India, 88% of Indian business leaders are planning to inves

As we move through 2024, it has become increasingly clear that AI is not ju

Autodesk continually pushing the boundaries in the Design and

Autodesk’s vision is of a better world designed and made for all. It inte

HOT PICK

BOULT unveils AmpVault V10 & V20 powerbanks: Fast charging, sa

SonicWall Launches TZ80: A Powerful Solution for Remote Office

SonicWall announced today the launch of the TZ80, a groundbreaking securit

Gigabyte X3D Turbo: A Gaming Revolution

GIGABYTE X3D Turbo Mode is a cutting-edge feature that unifies cores distr

MAKE IN INDIA BRANDS

BEETEL TELETECH LTD.

PDRL - Passenger Drone Research Pvt. Ltd.

ZOHO CORPORATION PVT. LTD.

NETWEB TECHNOLOGIES INDIA LTD.

EMINENT CIO'S OF INDIA

GAINING CUSTOMERS’ TRUST IS ESSENTIAL FOR SMOOTH OMNICHANNEL INTERACTIONS

In the fiscal year 2024-25, our organization has i...

AGILE TECHNIQUE ENCOURAGES TEAMWORK, ADAPTABILITY, AND CONTINUOUS ITERATION

Several emerging technology trends are significant...

AI AND DATA ANALYTICS REVOLUTIONIZING HEALTHCARE SERVICES

...

ICONS OF INDIA

ICONS OF INDIA : S KRISHNAN

S Krishnan as the secretary for the electronics and information techno...

ICONS OF INDIA : SHAILENDER KUMAR

Shailender Kumar is senior vice president and regional managing direct...

Icons Of India : Dilip Asbe

At present, Dilip Asbe is heading National Payments Corporation of Ind...

PARTNER SPEAKERS

Innovation, Technology and Partnerships Continue To Be The Cornerstone Of Growth

IT distribution is undergoing a significant transformation. As technology evol...

"Tech Data's Solution-Centric Methodology and Consistent Communication: Enhancing Customer Experience Across All Touchpoints"

Tech Data’s unique value proposition is its solutions aggregation and orches...

Fostering Positive Relationships and Enhancing Customer Satisfaction

Bloom Electronics’ data-driven insights for strategic brand decision and bra...

PSU

NIC - National Informatics Centre

NIC serves as the primary IT solutions provider for the government of ...

C-DAC - Centre for Development of Advanced Computing

C-DAC is uniquely positioned in the field of advanced computing...

RailTel Corporation of India Limited

RailTel is a leading telecommunications infrastructure provider in Ind...

VIDEOS

Top 25 Brands

Most Trusted Brands 2024 : Cisco Systems Inc

Cisco positions itself as the company that connects people, devices, and data,...

Most Trusted Brands 2024 : Redington Ltd.

Redington positions itself as a bridge between global technology brands and re...

Most Trusted Brands 2024 : Oracle Corporation

Oracle focuses on secure enterprise software, and cloud solutions to build str...

Global Indian industry

Indian Tech Talent Excelling The Tech World - Lal Karsanbhai, President & CEO, Emerson

Lal Karsanbhai, President and CEO of Emerson, assumed the leadership i...

Indian Tech Talent Excelling The Tech World - RAVI KUMAR S, CEO- Cognizant

Ravi Kumar S, appointed as CEO of Cognizant in January 2023, sets the ...

Indian Tech Talent Excelling The Tech World - Aman Bhutani, CEO, GoDaddy

Aman Bhutani, the self-taught techie and CEO of GoDaddy, oversees a co...

STARNITE AWARDS 2024

ITFORUM 2024

CMO of the Year

WOMEN LEADERSHIP

IMAGE GALLERY

TRENDS IN TECHNOLOGY