December 3, 2023

Cisco addressed a high severity OS command injection vulnerability, tracked as CVE-2021-1529, in Cisco SD WAN that could allow privilege escalation and lead to arbitrary code execution.

Cisco SD WAN is a cloud delivered overlay WAN architecture that enables digital and cloud transformation at enterprises, it allows to connect disparate office locations via the cloud.

An authenticated, local attacker can exploit the CVE-2021-1529 vulnerability to execute arbitrary commands with root privileges. The CVE-2021-1529 received a CVSS score of 7.8,

Advertisements

The vulnerability is due to insufficient input validation by the system CLI. An attacker could exploit this vulnerability by authenticating to an affected device and submitting crafted input to the system CLI. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges.

Cisco has released software updates to address this flaw.The Cisco PSIRT is not aware of attacks in the wild exploiting this vulnerability. The CISA also published a security advisory for this flaw that urge organizations to address this vulnerability.

Advertisements
Tags:

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You may have missed

TheCyberThrone CyberSecurity Newsletter Top 5 Articles – November, 2023

December 2, 2023

Staples affected by a Cyber Attack

December 2, 2023

CISA KEV Update Part I – December 2023

December 1, 2023 2

Dollar Tree Affected by a Third Party Breach

December 1, 2023

Apple Patches iOS zerodays – CVE-2023-42916 and CVE-2023-42917

December 1, 2023

TheCyberThrone Security Week In Review – November 25, 2023

November 30, 2023
%d bloggers like this: