Root Vulnerability: Self-healing capability compromises Cisco network hardware

Important security updates close several gaps in Cisco’s network operating system IOS and other software.

Attackers could target Cisco switches and wireless controllers, among other devices, and use the flaws to disrupt services. The threat level for the majority of the gaps is "high". Network admins should review the advisories listed below and install the available security patches in a timely manner.

Because of errors in the processing of DHCP and Common Industrial Protocol (CIP) packets, among others, remote attackers could send manipulated requests and, for example, force vulnerable devices to restart, resulting in a denial of service (DoS). Catalyst 9800 Series Wireless Controllers and Embedded Wireless Controllers on Catalyst Access Points are specifically threatened.

Ironically, a bug in the self-healing feature of IOS XE embedded wireless controllers can let attackers onto Catalyst-series access points. There they could run unspecified commands to gain root privileges on the system.

Digital signature verification of system image files can fail, which could allow attackers to load unsigned software on Catalyst 9200 switches. According to Cisco, however, they would need physical access to the devices or access to a root shell.

In addition, attackers could bypass authentication in various Cisco software or access data that is supposed to be isolated.

List sorted by threat level in descending order:

  • Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst 9100 Series Access Points UDP Processing Denial of Service
  • Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family DHCP Processing Denial of Service
  • Cisco Wireless LAN Controller AireOS Software FIPS Mode Denial of Service
  • Cisco IOS XE Software DNS NAT Protocol Application Layer Gateway Denial of Service
  • Cisco IOS and IOS XE Software Common Industrial Protocol Request Denial of Service
  • Cisco IOS XE Software for Catalyst Switches MPLS Denial of Service
  • Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Mobility Denial of Service
  • Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Access Points Privilege Escalation
  • Cisco SD-WAN Software Privilege Escalation
  • Cisco IOS and IOS XE Software SSH Denial of Service
  • Cisco IOS XE Software IPv6 VPN over MPLS Denial of Service
  • Cisco Catalyst 9100 Series Access Points Association Request Denial of Service
  • Cisco SD-WAN Software Arbitrary File Corruption
  • Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family SNMP Information Disclosure
  • Cisco IOS XE Software for Catalyst 9200 Series Switches Arbitrary Code Execution
  • Cisco Duo for macOS Authentication Bypass
  • Cisco IOS XE Software Web UI Command Injection
  • Cisco Software-Defined Application Visibility and Control on Cisco vManage Authentication Bypass
  • Cisco Software-Defined Application Visibility and Control on Cisco vManage Static Username and Password
  • Cisco IOS XE ROM Monitor Software for Catalyst Switches Information Disclosure
  • Cisco SD-WAN Arbitrary File Deletion
