Cisco on Wednesday released patches for several critical and high-severity vulnerabilities affecting its SD-WAN, DNA Center, TelePresence, StarOS, RV router, Prime Service Catalog, and Meeting Server products.
According to Cisco, the Digital Network Architecture (DNA) Center is affected by a critical vulnerability that allows a network attacker to bypass authentication and access critical internal services.
The company’s SD-WAN solution, specifically its command-line interface (CLI), is affected by a critical flaw that can be exploited by a local attacker to elevate privileges to root and change the system configuration.
SD-WAN is also affected by a high-severity vulnerability that allows privilege escalation through the vManage web-based user interface. The same product has also been found to be impacted by a high-severity issue that allows a remote, authenticated attacker to execute commands with root privileges.
A “high” severity rating has also been assigned to denial-of-service (DoS) issues in the StarOS operating system and several RV routers. These weaknesses can be exploited remotely without authentication.
Other high-severity vulnerabilities patched by Cisco this week include cross-site request forgery (CSRF) in the Prime Service Catalog software, and command injections in Meeting Server and some TelePresence software.
Cisco has also fixed over a dozen medium-severity issues in Wide Area Application Services, RV routers, Prime Service Catalog, Prime Infrastructure Virtual Domain, Integrated Management Controller, Email Security Appliance, Security Manager, and Enterprise Chat and Email.
Cisco says it has seen no evidence that any of these flaws have been exploited for malicious purposes. Many of the security holes were discovered by Cisco itself during internal security testing.
Related: Cisco Patches Critical Vulnerability in Data Center Switches
Related: Several Vulnerabilities Found in Cisco Industrial Network Director
Related: Cisco Patches High Severity Vulnerabilities in IP Phones
Related: Cisco Patches Critical Vulnerability in Wireless Routers
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Russia Blames US Intelligence for iOS Zero-Click Attacks
- Cisco Acquiring Armorblox for Predictive and Generative AI Technology
- Moxa Patches MXsecurity Vulnerabilities That Could Be Exploited in OT Attacks
- Organizations Warned of Salesforce ‘Ghost Sites’ Exposing Sensitive Information
- Organizations Warned of Backdoor Feature in Hundreds of Gigabyte Motherboards
- Barracuda Zero-Day Exploited to Deliver Malware for Months Before Discovery
- Industrial Giant ABB Confirms Ransomware Attack, Data Theft
- Zyxel Firewalls Hacked by Mirai Botnet
Latest News
- Russia Blames US Intelligence for iOS Zero-Click Attacks
- Toyota Discloses New Data Breach Involving Vehicle, Customer Information
- Cisco Acquiring Armorblox for Predictive and Generative AI Technology
- Moxa Patches MXsecurity Vulnerabilities That Could Be Exploited in OT Attacks
- Amazon Settles Ring Customer Spying Complaint
- Organizations Warned of Salesforce ‘Ghost Sites’ Exposing Sensitive Information
- Adobe Inviting Researchers to Private Bug Bounty Program
- Critical Vulnerabilities Found in Faronics Education Software
