
Cisco’s recent update fixes high-severity flaws


Cisco has recently uncovered hidden flaws which, if exploited, could lead to privileged code execution. The flaws are in Cisco’s SD-WAN devices, which include the vBond and vSmart controllers along with the vManage Network Management system and vBond Orchestrator software. Cisco’s vEdge routers are also affected.

“Cisco has fixed this vulnerability in Cisco SD-WAN Solution software Release 19.2.2.” – Cisco

Three vulnerabilities were found, one of which can enable arbitrary code to be run by a privileged user. This vulnerability is tracked as CVE-2020-3266. It is severe; however, it is very difficult to exploit successfully because exploitation requires authenticated access to the device’s CLI. This flaw has a CVSS score of 7.8 out of 10.0.

The next vulnerability, CVE-2020-3264, is a buffer overflow caused by a lack of input validation within Cisco’s software. Exploitation involves authentication; however, when the flaw is present, an attacker can gain access to information they should not have access to. This vulnerability is harder to exploit than the previous one, so its CVSS score is 7.1 out of 10.0.

The final vulnerability is a privilege escalation flaw, CVE-2020-3265. This flaw could potentially allow an authenticated attacker to gain root privileges if exploited correctly. It has a CVSS score of 7.0 out of 10.0.
