Cisco patches SD-WAN flaw amid evidence of active exploitation (opens in new tab)

Cisco has released fixes for a vulnerability in its Catalyst SD-WAN Manager software after becoming aware of limited exploitation of the flaw, which could allow an authenticated attacker to create or overwrite files that may later be used to gain root privileges. The vulnerability, tracked as – Cisco said the flaw stems from insufficient validation of user-supplied input during a file upload process. An authenticated remote attacker with valid credentials and at least write access could explo...