Cisco issues urgent fixes for SD-WAN router flaws

By John E Dunn, Sophos

March 23, 2020

Cisco has patched a clutch of high-priority vulnerabilities in its SD-WAN routes and their management software that admins will want to apply as soon as possible.

SD-WAN is a technology that allows large companies to manage different types of Wide Area Network (WAN) communications links such as carrier MPLS, conventional broadband, and mobile 4G as a single virtual entity.

Making SD-WAN work requires specific routers that support it, spread out across the WAN, as well as management software to interact with this infrastructure. It is this software that is vulnerable.

There are five CVEs in total, three of which are rated high, including one, CVE-2020-3266, given a CVSS severity score of 7.8.

The latter is a privilege escalation vulnerability in the SD-WAN management software used with a range of Cisco routers, including the vEdge 100 Series, 1000 Series, 2000 Series, 5000 Series, and Cloud Router.

Terms of Use | Copyright © 2002 - 2020 CONSTITUENTWORKS SM  CORPORATION. All rights reserved. | Privacy Statement