Critical Vulnerabilities in Cisco SD-WAN vManage Software
On April 7th, Cisco confirmed the existence of multiple vulnerabilities in the Cisco SD-WAN vManage Software that can allow for an unauthenticated, remote attacker to execute arbitrary and potentially malicious code or allow a locally authenticated user to gain escalated privileges on affected systems. For more information about the full scope of these vulnerabilities, refer to the official Cisco security advisory. Cisco has released software updates that address and mitigate these vulnerabilities.
Scope of VulnerabilityThese vulnerabilities exist on any Cisco products running vulnerable releases of Cisco SD-WAN vManage Software. Cisco has confirmed that these vulnerabilities do not affect the following Cisco products:
- IOS XE SD-WAN Software
- SD-WAN cEdge Routers
- SD-WAN vBond Orchestrator Software
- SD-WAN vEdge Routers
- SD-WAN vSmart Controller Software