
CISCO Security Release Update

Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

Cisco IOx for IOS XE Software Privilege Escalation Vulnerability

A vulnerability in the authorization controls for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute Cisco IOx API commands without proper authorization.

The vulnerability is due to incorrect handling of requests for authorization tokens. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Critical

Cisco IOS Software for Cisco Industrial Routers Virtual Device Server Inter-VM Channel Command Injection Vulnerability

This vulnerability could allow an unauthenticated, adjacent attacker to execute arbitrary shell commands on the Virtual Device Server (VDS) of an affected device. 

A successful exploit could allow the attacker to execute arbitrary commands in the context of the Linux shell of the VDS with the privileges of the root user. An exploit that affects the inter-VM channel may lead to a complete system compromise.

Critical

Cisco IOS Software for Cisco Industrial Routers Arbitrary Code Execution Vulnerabilities

Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker or an authenticated, local attacker to execute arbitrary code on an affected system or cause an affected system to crash and reload.

Critical

Cisco IOS XE Software Web UI Command Injection Vulnerability (High)

Cisco IOS and IOS XE Software Secure Shell Denial of Service Vulnerability (High)

Cisco IOS and IOS XE Software Simple Network Management Protocol Denial of Service Vulnerability (High)

More vulnerabilities from the advisory are available at the following link:
