Cisco has released security updates that address three critical flaws in their Cisco Data Center Network Manager (DCNM) and several SD-WAN software products. The company also issued advisories on eight other high to medium severity flaws found in their DCNM software. With a score of 9.8/10 on the CVSS system, the authentication bypass vulnerability tracked as CVE-2020-3382 would allow an attacker to bypass authentication through the REST API and remotely execute arbitrary actions on vulnerable devices with administrator privileges. Other flaws include two vulnerabilities in their SD-WAN vManage Software and SD-WAN vEdge Solution Software that would allow an attacker to bypass authentication and allow them full access to affected systems. These two flaws are tracked as CVE-2020-3374 and CVE-2020-3375 and each received a CVSS score of 9.9/10.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in