March 28, 2024 at 09:12AM
Cisco announced patches for multiple high-severity vulnerabilities in IOS and IOS XE software, including denial-of-service risks, privilege escalation, command injection, and protection bypass issues. The flaws could be exploited without authentication, potentially leading to serious consequences if not addressed promptly. Additional details can be found on Cisco’s security advisories page.
Based on the meeting notes, the key takeaways are:
1. Cisco announced patches for multiple high-severity vulnerabilities in various IOS and IOS XE software components, including LISP, SD-Access, IKEv1, DHCP snooping, mDNS gateway, OSPFv2, and IS-IS protocol.
2. These vulnerabilities could be exploited by adjacent or remote attackers without authentication by sending crafted packets or requests, potentially leading to denial-of-service (DoS) conditions or privilege escalation.
3. A separate vulnerability affecting AP software allows unauthenticated, physical attackers to load modified software images by bypassing secure boot procedures.
4. Cisco also released patches for seven medium-severity flaws impacting IOS XE software, Catalyst Center, and Aironet AP software, which could lead to privilege escalation, command injection, protection bypasses, and DoS conditions.
5. Users are strongly advised to patch their devices promptly, considering the potential exploitation of these vulnerabilities by attackers.
6. Cisco has not observed any of these vulnerabilities being exploited in the wild.
For more detailed information, please refer to Cisco’s security advisories page.