Cisco has addressed multiple vulnerabilities in its products, including high-risk flaws in Webex Player, SD-WAN software, and ASR 5000 series software.
The IT giant fixed three high-severity vulnerabilities (CVE-2021-1503, CVE-2021-1526, CVE-2021-1502) affecting Webex Player for Windows and macOS. Both CVE-2021-1502, CVE-2021-1503 are memory corruption vulnerabilities that impact the Webex Network Recording Player and Webex Player releases 41.4 and later.
The CVE-2021-1526 is a memory corruption issue that attackers could exploit to execute arbitrary code on an affected system. The flaw could be exploited through rigged Webex Recording Format (WRF) files affects Cisco WebEx Player
The company also addressed a high risk vulnerability, tracked as CVE-2021-1528, in SD-WAN software. An attacker could exploit the vulnerability to gain elevated privileges on a vulnerable system.
The flaw affects SD-WAN versions 20.4 and 20.5 (vBond Orchestrator, vEdge Cloud and vEdge Routers, vManage, and vSmart Controller).
Cisco also patched two authorization bypass issues, tracked as CVE-2021-1539 and CVE-2021-1540, in ASR 5000 series software (StarOS) that could allow attackers to bypass authorization and execute CLI commands on an affected machine.