Contact

DataEndure | Managed Cybersecurity. It's about time.

Under Attack?
Home > Security Advisories > Security Advisories: Cisco and Chrome release updates

Security Advisories: Cisco and Chrome release updates

Cisco has released updates to patch multiple vulnerabilities in their SD-WAN Solution software

Situation
Cisco has released updates to patch multiple vulnerabilities in their SD-WAN Solution software.  There are Privilege Escalation, Command Injection and Buffer Overflow vulnerabilities in the SD-WAN Solution software.

Problem
Cisco has found multiple vulnerabilities in its SD-WAN Solution software that include Privilege Escalation, Command Injection, and Buffer Overflow in the environment.

Implication 
If the vulnerabilities are left unpatched or are exploited before patching a remote attacker could compromise the environment and any networks connected by injecting code to escalate privilege or by sendinf crafted traffic to the device and cause the device to leak secured information.

Need
Cisco has released software updates and Cisco customers should install these updates as soon as possible. Customers that purchased Cisco devices from authorized resellers and are not able to obtain the software patches should reach out to Cisco TAC for support and downloads.

https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

For detailed information on this issue please review below links.

CiSA Release information

https://www.us-cert.gov/ncas/current-activity/2020/03/19/cisco-releases-security-updates-sd-wan-solution-software

Cisco SD-WAN Solution Privilege Escalation Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwpresc-ySJGvE9

Cisco SD-WAN Solution Command Injection Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwclici-cvrQpH9v

Cisco SD-WAN Solution Buffer Overflow Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwanbo-QKcABnS2
Google has released Chrome version 80.0.3987.149 for Windows, Mac, and Linux.

Situation
Google has released Chrome version 80.0.3987.149 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

Problem
This update includes 13 security fixes. One of them being a high severity vulnerability (CVE-2020-6426) that patches insufficient policy enforcement in extensions.

Implication
Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser, perform unauthorized actions, or cause denial-of-service conditions.

Need
It is advised to update your Google Chrome browser to version 80.0.3987.149 as soon as possible.

For more information go to:
https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html

 

soc-as-a-service ebook

NEW BLOG:Seeing the Bigger Picture: Achieving Digital Resilience
+ +