Last week it emerged that Cisco Viptela’s SD-WAN problems persist. A high-severity insufficient input validation flaw was discovered within Cisco’s IOS XE software for SD-WAN routers.
While Cisco’s incident response team was unaware of any exploitation of the vulnerability, they acknowledged that a successful exploit could allow an attacker to execute commands with root or superuser privileges.
This incident is not isolated. Cisco’s IOS XE software has been plagued with security issues over the past few months:
- March 2020: Cisco issued 24 patches tied to IOS XE vulnerabilities as well as three high-impact and two medium-impact vulnerabilities affecting its routers and SD-WAN management, orchestration, and controller software.
- January 2020: Cisco released fixes for another high-severity vulnerability in the web user interface of Cisco IOS and Cisco IOS XE Software.
- August 2019: Cisco uncovered a critical remote authentication-bypass vulnerability with the highest possible severity level in the Cisco REST API virtual service container for Cisco IOS XE Software.
- July 2019: Cisco patched a high-severity vulnerability in IOS XE, which enabled remote attackers to reconfigure or execute commands.
With 20,000 customers around the world using Cisco’s Viptela and Meraki SD-WAN offerings, these bugs represent a significant threat.
Cisco Viptela’s SD-WAN Problems
The ongoing Cisco SD-WAN problems are likely related to the complexity of integrating what was previously standalone SD-WAN functionality — including data management — with Cisco’s proprietary switch, router, and firewall operating system.
According to Gartner’s Magic Quadrant for WAN Edge Infrastructure, Cisco’s SD-WAN, powered by Viptela on the IOS XE platform, has stability and scaling issues, as reported by Gartner clients and Cisco channels.
Some customers who have purchased Cisco ISR hardware during the past few years have informed Gartner that they had to upgrade their hardware platforms to support Viptela due to throughput limitations.
More Security Vulnerabilities Likely
Cisco has broad, separate, and overlapping SD-WAN offerings that don’t share a common management platform, hardware platform, or sales team. Given that Cisco IOS has a huge number of features to manage and maintain, it is likely that more security issues will crop up in the future.
If you’re an MSP that relies on high-performance, secure SD-WAN to deliver services to your clients, you need to ask yourself: can your company afford a security vulnerability that could damage your reputation irreparably?
Avoid Cisco Viptela’s SD-WAN problems and choose an SD-WAN solution that’s built for service providers.
Simplified SD-WAN for Service Providers
With Turnium SD-WAN, managed service providers can maintain control of the customer experience and ensure maximum security for their clients’ infrastructure.
Turnium’s packet-based link load balancing provides physical security against intercepts: even if an attacker gained access to a single circuit, only a portion of the packets would be revealed, rendering the content useless. AES-128/256 and Salsa20 encryption provide further levels of security.
Plus, Turnium is agnostic, so it works with any core node server or edge infrastructure the service provider wants to use.
Skip Cisco Viptela’s SD-WAN problems and talk to us today.