Cisco fixes three high-severity vulnerabilities in its software-defined networking for wide-area network (SD-WAN) solutions for business users. If exploited, the flaws could enable bad actors to execute commands with root privileges on affected systems. To exploit the vulnerabilities attackers need to first be local and authenticated. The three flaws are located in various Cisco hardware and software products running the company s software earlier than Release 19.2.2 (the fixed release) Hardware includes vBond and vSmart controllers, vManage Network Management system and vEdge Orchestrator software.
Source: https://threatpost.com/cisco-warns-of-high-severity-sd-wan-flaws/153942/