Threat Watch

Cisco Releases Patch for SD-WAN, Cloud License Manager Products

Recent updates to Cisco’s SD-WAN and Cloud License Manager products have been released to address remotely exploitable buffer overflow and command injection vulnerabilities. The following SD-WAN products are vulnerable to CVE-2021-1300 and CVE-2021-1301:

  • IOS XE SD-WAN Software
  • SD-WAN vBond Orchestrator Software
  • SD-WAN vEdge Cloud Routers
  • SD-WAN vEdge Routers
  • SD-WAN vManage Software
  • SD-WAN vSmart Controller Software

CVE-2021-1138, CVE-2021-1140, and CVE-2021-1142 affect versions 5.1.0 and below of Cisco Smart Software Manager Satellite. Newer versions of this software have been renamed to Cisco Smart Software Manager On-Prem.

All of the vulnerabilities listed above were found by Cisco through internal testing and no evidence of exploitation of these vulnerabilities in the wild has been found.


Cisco has provided a helpful table in their security advisory for which SD-WAN updates to apply for each product. Cisco Smart Software Manager Satellite has been renamed to Cisco Smart Software Manager On-Prem and addresses the command injection vulnerabilities with version 6.3.0. Binary Defense highly recommends administrators update these products as soon as possible.