Cisco fixes critical pre-auth bugs in SD-WAN, cloud license manager

Cisco has released security updates to address pre-auth remote code execution (RCE) vulnerabilities affecting multiple SD-WAN products and the Cisco Smart Software Manager software.

SD-WAN are software products that help manage wide-area networks (WAN) while Smart Software Manager is a cloud-based management solution for Cisco licenses.

Unauthenticated attackers can remotely exploit buffer overflow and command injection bugs to execute arbitrary code or to run arbitrary commands on the underlying operating system of devices running vulnerable releases of SD-WAN and Cisco Smart Software Manager Satellite software.

Read more…
Source: Bleeping Computer