Cisco has patched four vulnerabilities in these products, including XXE injection, privilege escalation, and authentication bypass. SD-WAN controllers using ports accessible via public networks are at increased risk of exploitation.
Cisco is aware of reports that the authentication bypass vulnerability has been exploited in a limited and targeted manner.