Cisco adds another SD-WAN box to max-severity bug advisory
Summary
Cisco has added another Secure Development Lifecycle (SDLC) managed device to its list of products affected by a critical bug. The advisory now includes the Cisco SD-WAN vManage software, and versions up to 20.10 are affected. The vulnerability allows attackers to execute arbitrary code on affected devices.
IFF Assessment
This vulnerability allows for arbitrary code execution, posing a significant risk to network infrastructure and enabling potential compromise by attackers.
Severity
The CVSS score is estimated to be 9.8 (Critical) due to the potential for Remote Code Execution (RCE) with low attack complexity and significant impact on confidentiality, integrity, and availability.
Defender Context
This critical vulnerability in Cisco SD-WAN software requires immediate attention for defenders managing Cisco infrastructure. Organizations should prioritize patching or applying workarounds to mitigate the risk of remote code execution and potential network compromise.