Cisco has released security updates to address a critical pre-authentication remote code execution (RCE) vulnerability affecting SD-WAN vManage Software’s remote management component. The company fixed two other high-severity security vulnerabilities in the user management (CVE-2021-1137) and system file transfer (Cisco) functions of the same product allowing attackers to escalate privileges on the underlying operating system. No security updates will be released since these devices have reached end-of-life.
Source: https://www.bleepingcomputer.com/news/security/cisco-fixes-bug-allowing-remote-code-execution-with-root-privileges/