Cisco Systems has fixed three high-severity vulnerabilities in its software-defined networking for wide-area network (SD-WAN) solutions for business users. If exploited, the flaws could enable bad actors to execute commands with root privileges on affected systems. To exploit the vulnerabilities attackers need to first be local and authenticated.

The three flaws are located in various Cisco hardware and software products running the company’s SD-WAN software earlier than Release 19.2.2 (the fixed release). Hardware includes the company’s SD-WAN solutions: vBond and vSmart controllers (which implements network connectivity), the vManage Network Management system (the centralized management platform) and the vBond Orchestrator software (which performs authentication of all elements in the network). Also affected are various vEdge routers, and the corresponding vEdge cloud router platform.

“The Cisco Product Security Incident Response Team is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory,” according to Cisco’s Wednesday advisory.