CVE-2021-1461

Name of the Vulnerable Software and Affected Versions: Cisco SD-WAN Software versions (affected versions not specified)

Description: A vulnerability in the Image Signature Verification feature could allow an authenticated, remote attacker with Administrator-level credentials to install a malicious software patch on an affected device. The issue is due to improper verification of digital signatures for patch images. An attacker could exploit this by crafting an unsigned software patch to bypass signature checks and loading it on an affected device. A successful exploit could allow the attacker to boot a malicious software patch image.

Recommendations: For all affected versions, update to the latest software version released by Cisco that addresses this issue. At the moment, there is no information about specific steps for each version, but applying the software update from Cisco is the recommended resolution.