Cisco Plugs Serious Flaws in Policy Suite, SD-WAN, and Nexus Switches
Cisco has issued another batch of fixes, plugging a number of critical and high severity holes in its Policy Suite, SD-WAN, and Nexus products.
The Cisco SD-WAN Solution – a cloud-delivered overlay WAN architecture for enterprises – is affected by many high severity flaws that range from remote code execution and command injection to DoS and arbitrary file overwrite flaws.
Users of the vBond Orchestrator Software, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software, and various series of the vEdge routers should check which Cisco SD-WAN release they are running. If it’s a release prior to release 18.3.0 they should upgrade to that version as there are no workarounds available for any of these vulnerabilities.
Cisco says that there are no known instances of the flaw being exploited in the wild, but has provided indicators of compromise that administrators should be on the lookout for.
Read more: Help Net Security