Cisco’s IOS XE software for SD-WAN routers has a high-severity insufficient input validation flaw. Cisco has patched a high-severity vulnerability in its router software, which if exploited could enable a local, authenticated attacker to execute arbitrary commands with root privileges. The flaw exists in Cisco IOS XE. This Linux-based version of Cisco’s Internetworking Operating System (IOS) is used in Cisco software-defined wide area network (SD-WAN) routers. Affected routers include the Aggregation Services Routers (ASR) 1000 models, Integrated Services Routers (ISR) 1000 models, ISR 4000 models and Cloud Services Router 1000V models. These are all used by small businesses and enterprises alike.
Source: Threatpost
