IT giant Cisco has disclosed multiple vulnerabilities in its Webex, SD-WAN, and ASR 5000 software that could let attackers execute arbitrary code. Cisco has released fixes for a wide range of these critical vulnerabilities.
Release notes
CVE-2021-1526
This fix addresses a memory corruption issue through which attackers can execute arbitrary code on targeted systems. The flaw could be abused through rigged Webex Recording Format (WRF) files.
Affected versions: Cisco Webex Player for Windows and macOS releases before version 41.5. The Webex Network Recording Player does not appear to be affected.
CVE-2021-1502 and CVE-2021-1503
These fixes address memory corruption bugs in Webex Network Recording Player and Webex Player on both Windows and macOS. These bugs could likewise let attackers execute arbitrary code on affected systems.
Affected Versions: Webex Network Recording Player and Webex Player releases 41.4 and later.
CVE-2021-1528
This patch addresses a high-risk issue (CVSS score of 7.8) in SD-WAN software that could let attackers gain elevated privileges on a vulnerable system.
Affected version: The bug impacts SD-WAN versions 20.4 and 20.5 (vBond Orchestrator, vEdge Cloud and vEdge Routers, vManage, and vSmart Controller) and was addressed with the release of SD-WAN versions 20.4.2 and 20.5.1.
Notes on the other patches
Cisco has released patches for all the discovered vulnerabilities, including a hotfix for ASR 5000 series software (StarOS) flaws that could allow an attacker to bypass authorization and execute CLI commands on an affected machine. The most important of these flaws is CVE-2021-1539 (CVSS score of 8.1).
These vulnerabilities are rated from medium to high risk based on their impact across various product lines, including Webex Meetings, Webex Player, ThousandEyes Recorder, Video Surveillance 7000 series IP cameras, and Common Services Platform Collector (CSPC).
Cisco is still investigating the impact of these issues, and it is believed that more fixes will follow as and when further issues are found.