Cisco has fixed critical SD-WAN vManage and HyperFlex HX software security flaws that could enable remote attackers to execute commands as root or create rogue admin accounts. The company also issued security updates to address high and medium severity vulnerabilities in multiple other software products. The bugs are not dependent on one another and can be exploited locally by authenticated local attackers to gain escalated privileges or unauthorized access to an application vulnerable to attacks. Cisco’s Product Security Incident Response Team (PSIRT) said it’s not aware of active exploitation of these vulnerabilities in the wild.
Source: https://www.bleepingcomputer.com/news/security/cisco-bugs-allow-creating-admin-accounts-executing-commands-as-root/