Cisco issued 23 Security Advisories that describe 25 exposures in its IOS and IOS XE systems Credit: peshkov / Getty / Negative Space Cisco has unleashed an extensive new round of security warnings – three of them “critical” – mostly for users of its iOS XE software and industrial router family. In total, Cisco issued 23 Security Advisories that describe 25 exposures in its IOS and IOS XE systems. Beyond the three critical advisories, 20 have a “High” impact rating. Cisco said that one vulnerability affects Cisco IOS, IOS XE, IOS XR, and NX-OS Software. Five vulnerabilities affect both Cisco IOS and IOS XE Software. Six vulnerabilities affect Cisco IOS Software and 10 affect Cisco IOS XE Software. Three vulnerabilities affect the Cisco IOx application environment. A number of the warnings are for a command-injection vulnerability” that would let an attacker execute commands on the impacted OS. Cisco has released free software updates that fix the critical warnings issued this week. The company also said customers can use the Cisco Software Checker to search for critical or high rated advisories. The critical warnings include: A vulnerability rated at 9.8 out of 10 on the Common Vulnerability Scoring System in the authorization controls for the Cisco IOx application-hosting infrastructure in Cisco IOS XE software could let an unauthenticated, remote attacker obtain an authorization token and execute any of the IOx API commands on an affected device. The vulnerability is due to incorrect handling of requests for authorization tokens. An attacker could exploit this vulnerability by using a crafted API call to request such a token. Multiple weaknesses rated at 9.8 on the CVSS in Cisco IOS software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could let an unauthenticated, remote attacker or an authenticated local attacker execute arbitrary code on an affected system or cause an affected system to crash and reload. The vulnerability is due to incorrect bounds checking of certain values in packets that are destined for UDP port 9700 of an affected device. An attacker could exploit this vulnerability by sending malicious packets to an affected device. When the packets are processed, an exploitable buffer-overflow condition may occur, Cisco stated. A vulnerability rated at 8.8 on the CVSS in the implementation of the inter-VM channel of Cisco IOS software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISR) and Cisco 1000 Series Connected Grid Routers (CGR1000) could let an attacker execute arbitrary commands in the context of the Linux shell of the virtual device server (VDS) with the privileges of the root. Because the device is designed on a hypervisor architecture, exploitation of a vulnerability that affects the inter-VM channel may lead to a complete system compromise. The vulnerability is due to insufficient validation of signaling packets that are destined to the VDS. An attacker could exploit this vulnerability by sending malicious packets to an affected device, Cisco stated. Related content analysis Network automation challenges are dampening success rates Most enterprises are juggling multiple commercial, open source, and homegrown network automation tools, and few are reporting fully successful automation initiatives. By Denise Dubie Mar 28, 2024 6 mins Data Center Automation Network Management Software Network Monitoring news SD-WAN, SASE outpace MPLS investments: survey SD-WAN and SASE technologies are becoming mainstream and MPLS usage is on the decline, according to survey results from SASE vendor Aryaka. By Denise Dubie Mar 28, 2024 4 mins SASE MPLS Network Management Software analysis Beware the gap between security readiness and confidence levels, Cisco warns Companies need greater network segmentation, sandboxes, firewalls, and anomaly detection to fight attackers, according to Cisco's 2024 Cybersecurity Readiness Index. By Michael Cooney Mar 27, 2024 6 mins SASE Network Security Networking analysis Cisco: AI tools, better workspaces would boost in-office appeal Office environments need to change to foster collaboration, and employers need to close the AI skills gap, Cisco reports in its hybrid work study. By Michael Cooney Mar 27, 2024 3 mins Generative AI Careers Networking PODCASTS VIDEOS RESOURCES EVENTS NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe