cisco-sa-sdbufof-h5f5VSeL: Cisco SD-WAN Solution Software Buffer Overflow Vulnerability
First published: Wed Jul 29 2020(Updated: )
A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain access to information that they are not authorized to access, make changes to the system that they are not authorized to make, and execute commands on an affected system with privileges of the root user. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdbufof-h5f5VSeL
Credit: by James Spadaro the Cisco Advanced Security Initiatives Group
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco SD-WAN vManage | >=19.3.0<=20.1.0<20.1.1=19.2.0<19.2.3>=18.3.0<=18.4.0<18.4.5 | 20.1.1 19.2.3 18.4.5 |
| Cisco SD-WAN | >=19.3.0<=20.1.0<20.1.1=19.2.0<19.2.3>=18.3.0<=18.4.0<18.4.5 | 20.1.1 19.2.3 18.4.5 |
| Cisco Standalone IOS XE SD-WAN Releases | =17.2<17.2.1r>=16.9=16.10=16.11<=16.12<16.12.4 | 17.2.1r 16.12.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of cisco-sa-sdbufof-h5f5VSeL?
The vulnerability cisco-sa-sdbufof-h5f5VSeL has been assigned a high severity rating due to its potential to allow unauthorized access and cause a buffer overflow.
How do I fix cisco-sa-sdbufof-h5f5VSeL?
To mitigate the vulnerability cisco-sa-sdbufof-h5f5VSeL, update your Cisco SD-WAN Solution Software to the latest recommended version.
Which Cisco products are affected by cisco-sa-sdbufof-h5f5VSeL?
The cisco-sa-sdbufof-h5f5VSeL vulnerability affects Cisco SD-WAN vManage, vEdge, vBond, vSmart Software, and IOS XE SD-WAN Software.
Can an attacker exploit cisco-sa-sdbufof-h5f5VSeL remotely?
Yes, the cisco-sa-sdbufof-h5f5VSeL vulnerability can be exploited by an unauthenticated remote attacker.
What causes the cisco-sa-sdbufof-h5f5VSeL vulnerability?
The cisco-sa-sdbufof-h5f5VSeL vulnerability is caused by insufficient input validation within the affected software.
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/author
- agent/weakness
- agent/references
- agent/severity
- agent/title
- agent/description
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/cisco-advisory
- source/Cisco
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco sd-wan vmanage
- version/cisco sd-wan vmanage/19.3.0
- version/cisco sd-wan vmanage/20.1.0
- version/cisco sd-wan vmanage/19.2.0
- version/cisco sd-wan vmanage/18.3.0
- version/cisco sd-wan vmanage/18.4.0
- canonical/cisco sd-wan
- version/cisco sd-wan/19.3.0
- version/cisco sd-wan/20.1.0
- version/cisco sd-wan/19.2.0
- version/cisco sd-wan/18.3.0
- version/cisco sd-wan/18.4.0
- canonical/cisco standalone ios xe sd-wan releases
- version/cisco standalone ios xe sd-wan releases/17.2
- version/cisco standalone ios xe sd-wan releases/16.9
- version/cisco standalone ios xe sd-wan releases/16.10
- version/cisco standalone ios xe sd-wan releases/16.11
- version/cisco standalone ios xe sd-wan releases/16.12