Not logged in » Login
Jan 26 2019

Alert: Critical Security Update for Cisco SD-WAN Solution

Internal security tests at networking colossus Cisco have revealed a vulnerability in the vContainer component of the company's SD-WAN Solution package. Dubbed CVE-2019-1651 on MITRE's Common Vulnerabilities and Exposures (CVE) list, it "could allow an authenticated, remote attacker to cause a denial of service (DoS) condition and execute arbitrary code as the root user."

More specifically, the security hole is caused by improper bounds checking performed in vContainer, Cisco explains in its related security advisory. A remote attacker with valid credentials could exploit the vulnerability by sending a malicious file to an affected vContainer instance, which in turn may cause a buffer overflow that could result in a DoS condition and enable the adversary to execute arbitrary code as root.

While Cisco's security team has rated the vulnerability as critical, it "only" affects a limited number of SD-WAN Solution users, namely those who are running a Cisco-hosted vContainer for SD-WAN Solutions older than version 18.4.0. The company has already deployed a fix to affected customers with valid licenses and service contracts. So far, its experts are "not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." The "critical" rating is nonetheless well-deserved, mainly because no workarounds exist and because customers who do not hold service contracts or have obtained their SD-WAN Solution from third-party vendors may be unable to purchase fixed software at the original point of sale. These customers should contact regional offices of Cisco's Technical Assistance Center (TAC) for help.


Comments on this article

No comments yet.

Please Login to leave a comment.


Please login

Please log in with your Fujitsu Partner Account.


» Forgot password

Register now

If you do not have a Fujitsu Partner Account, please register for a new account.

» Register now