The exposure , describe as CVE-2021 - 1459 and excited by designed HTTP request , could be ill-used to do arbitrary encrypt with root word prerogative . IOS XE SD - WAN software , SD - WAN cEdge router , South Dakota - WAN vBond Orchestrator software program , SD - WAN vEdge router , and SD - WAN vSmart Controller software program are all affect , allot to Cisco . Cisco ’s help oneself foliate make boost selective information on each of the vulnerability hash out a Website . The Cisco Small Business RV110W , RV130 , RV130W , and RV215W Routers have make the finish of their sprightliness bicycle , harmonise to the companion . “ Cisco has not discharge and will not freeing software system update to fixate the exposure key in this consultive , ” say the company . Cisco likewise pronounce it is n’t aware of any vulnerability that have been ill-use in the rampantly . There cost no workarounds usable , grant to the fellowship , which has let go of software update to localization the blemish . accord to Cisco , an aggressor who successfully exploit the security measure fault would be able to “ rill arbitrary codification on the rudimentary control organisation with etymon favour . ” The vulnerability , which can be victimised by documented aggressor , could tip to the escalation of exclusive right to take root . Cisco too bring out advisory draft metier - severity bug in IOS XR , Webex Meetings for Android , Webex Meetings , Cisco Umbrella , Dual WAN Gigabit VPN router , Unified Intelligence Center practical application , Unified CM , and Unified CM SME . In SD - WAN vManage , the microbe was unsex alongside two gamey rigor pinnacle of favour vulnerability , each with a CVSS mark of 7.8 . The vital hemipterous insect , distinguish as CVE-2021 - 1479 with a CVSS sexual conquest of 9.8 , subsist imputable to inappropriate validation of substance abuser - provide stimulant and could enable an aggressor to cause a pilot flood by post a intentional associate quest to SD - WAN vManage ’s remote management part . coordinated Communications Manager ( Unified CM ) and Advanced Malware Protection ( AMP ) for Endpoints Windows Connector , ClamAV for Windows , and Immunet were also piece for senior high school - gamble fault . respective in high spirits - hardness blemish in the tech hulk ’s Small Business RV series router may be clapperclaw to run for arbitrary overlook , accomplish inscribe , leak out memory , or trigger off disaffirmation - of - Robert William Service experimental condition . Cisco , on the early turn over , divulge that it would not be unloose ready for a important exposure . The network - free-base management user interface of the RV110W , RV130 , RV130W , and RV215W belittled concern router , which have get into terminate - of - spirit , have a vulnerability . RV110W Wireless - N VPN firewall , RV130 VPN router , RV130W Wireless - N multifunction VPN router , and RV215W Wireless - N VPN router are all bear on by the exposure .