Manoharan Mudaliar

Cyber Security Consultant

Cisco IOS XE SD-WAN Software Command Injection Vulnerability

Cisco IOS XE SD-WAN Software Command Injection Vulnerability

Cisco released security updates to mitigate a vulnerability in IOS XE SD-WAN solution software.

As per Cisco Security Advisories “An attacker could exploit this vulnerability to take control of an affected device”

Cisco has categorized High impact; hence it is advisable to review the Bug ID: CSCvs75505 and apply the required updates.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xesdwcinj-AcQ5MxCn

Sources:

The source of the bug reporting has credited to Julien Legras and Thomas Etrillard.

There are some interesting exploit examples, Please go through the exploit section.

https://www.synacktiv.com/category/exploit.html

https://www.synacktiv.com/posts/pentest/pentesting-cisco-sd-wan-part-1-attacking-vmanage.html

Posted in

Manoharan Mudaliar

Leave a Comment