Friday 9 April 2021
The impact of this issue announcement is critical. Please act accordingly to rectify the issue, as stated below.
- IOS XE SD-WAN Software
- SD-WAN cEdge Routers
- SD-WAN vBond Orchestrator Software
- SD-WAN vEdge Routers
- SD-WAN vSmart Controller Software
What you need to know:
Cisco has announced the release of security patches for multiple vulnerabilities in SD-WAN vManage, including a critical bug caused by improper validation of user supplied input, thereby allowing a buffer overflow (CVE-2021-1479), and two more high severity flaws that could lead to privilege escalation (CVE-2021-1137 and CVE-2021-1480).
Actions to be taken:
Administrators are advised to update their software to the appropriate fix as indicated in the ‘Fixed Releases’ table in Cisco’s recent advisory pertaining to the said security bugs. (https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-YuTVWqy#details)