Cisco has fixed critical SD-WAN vManage and HyperFlex HX software security flaws that could enable remote attackers to execute commands as root or create rogue admin accounts.

Cisco SD-WAN vManage Software vulnerabilities could enable unauthenticated, remote attackers to execute arbitrary code or access sensitive information.

They could also be exploited locally by authenticated local attackers to gain escalated privileges or unauthorized access to an application vulnerable to attacks.

The Cisco HyperFlex HX security bugs make it possible for remote attackers to perform command injection attacks.

The company also issued security updates to address high and medium severity vulnerabilities in multiple other software products that allow attackers to execute arbitrary code remotely, escalate privileges, trigger denial of service conditions, and more.

More information on vulnerabilities and updates is available in Cisco security advisories – cisco.com.

Source: bleepingcomputer.com