Switchzilla says remote networking gear has a grab-bag of holes
Cisco has issued a series of security updates for its SD-WAN and Webex software, just when they're most needed.
Switchzilla says the SD-WAN code is host to five vulnerabilities ranging from privilege escalation to remote code injection. The five CVE-listed bugs (CVE-2020-3264, CVE-2020-3265, CVE-2020-3266, CVE-2019-16010, CVE-2019-16012) are down to what Cisco calls "insufficient input validation," and the avenues to exploit it range from SQL to HTTP requests.
"An attacker could exploit this vulnerability by sending crafted traffic to an affected device," Cisco said in one of the disclosures.
"A successful exploit could allow the attacker ..
Support the originator by clicking the read the rest link below.
