CVE-2021-1278

Name of the Vulnerable Software and Affected Versions Cisco SD-WAN vBond Orchestrator versions (affected versions not specified) Cisco SD-WAN vEdge Cloud Routers versions (affected versions not specified) Cisco SD-WAN vEdge Routers versions (affected versions not specified) Cisco SD-WAN vSmart Controller versions (affected versions not specified) Cisco SD-WAN vManage versions (affected versions not specified)

Description The issue exists due to insufficient input validation in the symbolic link creation function of the Cisco SD-WAN software. This could allow a remote attacker to cause a denial of service. Multiple vulnerabilities in Cisco SD-WAN products may allow an unauthenticated, remote attacker to execute denial of service attacks against an affected device.

Recommendations For Cisco SD-WAN vBond Orchestrator, update to a version that includes the fix for this issue. For Cisco SD-WAN vEdge Cloud Routers, update to a version that includes the fix for this issue. For Cisco SD-WAN vEdge Routers, update to a version that includes the fix for this issue. For Cisco SD-WAN vSmart Controller, update to a version that includes the fix for this issue. For Cisco SD-WAN vManage, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the affected devices until a patch is available.