New Case Study: Threat Hunter finds renamed system utilities by file hash to uncover multiple attacks   

Read Case Study


Cisco Releases Patch for SD-WAN, Cloud License Manager Products

January 21, 2021

Recent updates to Cisco’s SD-WAN and Cloud License Manager products have been released to address remotely exploitable buffer overflow and command injection vulnerabilities. The following SD-WAN products are vulnerable to CVE-2021-1300 and CVE-2021-1301:

  • IOS XE SD-WAN Software
  • SD-WAN vBond Orchestrator Software
  • SD-WAN vEdge Cloud Routers
  • SD-WAN vEdge Routers
  • SD-WAN vManage Software
  • SD-WAN vSmart Controller Software

CVE-2021-1138, CVE-2021-1140, and CVE-2021-1142 affect versions 5.1.0 and below of Cisco Smart Software Manager Satellite. Newer versions of this software have been renamed to Cisco Smart Software Manager On-Prem.

All of the vulnerabilities listed above were found by Cisco through internal testing and no evidence of exploitation of these vulnerabilities in the wild has been found.

Analyst Notes

Cisco has provided a helpful table in their security advisory for which SD-WAN updates to apply for each product. Cisco Smart Software Manager Satellite has been renamed to Cisco Smart Software Manager On-Prem and addresses the command injection vulnerabilities with version 6.3.0. Binary Defense highly recommends administrators update these products as soon as possible.