The recent talk of the town is the critical vulnerabilities in Cisco SD-WAN software. These vulnerabilities allow unauthenticated attackers to perform remote command injection attacks against devices with root privileges. Since there are no workarounds to address these vulnerabilities, here are the important updates for the affected devices.
Cisco is requesting customers with the affected products below to upgrade to an appropriate fixed software release for remediating the issue.
| Cisco SD-WAN Release | First Fixed Release for These Vulnerabilities | First Fixed Release for All Vulnerabilities Described in the Collection of Advisories |
|---|---|---|
|
Earlier than 18.3 18.3, 18.4 19.2, 19.3 |
Migrate to a fixed release. |
Migrate to a fixed release. |
|
20.1 |
20.1.2 |
Migrate to a fixed release. |
|
20.3 |
20.3.2 |
20.3.2 |
|
20.4 |
20.4.1 |
20.4.1 |
The fixed software versions are necessary to be applied. If you are unable to apply due to environmental restrictions, please review the below:
The vulnerabilities can affect the following Cisco products, if they are running a vulnerable release of Cisco SD-WAN software.
1 Feb 2021 | Original articles from Cisco
Copyright © 2023 JOS (SG) Pte. Ltd. All rights reserved.
