May 31, 2023

Cisco addressed a high severity OS command injection vulnerability, tracked as CVE-2021-1529, in Cisco SD WAN that could allow privilege escalation and lead to arbitrary code execution.

Cisco SD WAN is a cloud delivered overlay WAN architecture that enables digital and cloud transformation at enterprises, it allows to connect disparate office locations via the cloud.

An authenticated, local attacker can exploit the CVE-2021-1529 vulnerability to execute arbitrary commands with root privileges. The CVE-2021-1529 received a CVSS score of 7.8,

Advertisements

The vulnerability is due to insufficient input validation by the system CLI. An attacker could exploit this vulnerability by authenticating to an affected device and submitting crafted input to the system CLI. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges.

Cisco has released software updates to address this flaw.The Cisco PSIRT is not aware of attacks in the wild exploiting this vulnerability. The CISA also published a security advisory for this flaw that urge organizations to address this vulnerability.

Advertisements
Tags:

Leave a Reply

You may have missed

Mirai Bots Targeting IoT Devices

Mirai Bots Targeting IoT Devices

May 30, 2023
Watering hole attack from Tortoiseshell group

Watering hole attack from Tortoiseshell group

May 29, 2023
New TLD Based Phishing Campaign

New TLD Based Phishing Campaign

May 29, 2023
CrowdStrike strategy dominates MDR Market

CrowdStrike strategy dominates MDR Market

May 28, 2023
TheCyberThrone Security Week In Review–May 27, 2023

TheCyberThrone Security Week In Review–May 27, 2023

May 28, 2023
Zyxel Patches Critical Buffer Overflow Vulnerability

Zyxel Patches Critical Buffer Overflow Vulnerability

May 27, 2023
%d bloggers like this: