Cisco Releases Patches 3 New Critical Flaws Affecting IOS XE Software

Networking machines maker Cisco Techniques has rolled out patches to tackle a few critical security vulnerabilities in its IOS XE network operating system that remote attackers could perhaps abuse to execute arbitrary code with administrative privileges and trigger a denial-of-assistance (DoS) situation on vulnerable products.

The list of three flaws is as follows –

• CVE-2021-34770 (CVSS score: 10.) – Cisco IOS XE Software package for Catalyst 9000 Spouse and children Wireless Controllers CAPWAP Remote Code Execution Vulnerability
• CVE-2021-34727 (CVSS score: 9.8) – Cisco IOS XE SD-WAN Computer software Buffer Overflow Vulnerability
• CVE-2021-1619 (CVSS rating: 9.8) – Cisco IOS XE Program NETCONF and RESTCONF Authentication Bypass Vulnerability

The most severe of the issues is CVE-2021-34770, which Cisco calls a “logic mistake” that takes place through the processing of CAPWAP (Control And Provisioning of Wi-fi Entry Factors) packets that empower a central wi-fi Controller to deal with a team of wireless entry factors.

✔ Approved Seller From Our Partners

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount

“An attacker could exploit this vulnerability by sending a crafted CAPWAP packet to an afflicted device,” the organization noted in its advisory. “A thriving exploit could allow the attacker to execute arbitrary code with administrative privileges or trigger the impacted gadget to crash and reload, resulting in a DoS issue.”

CVE-2021-34727, on the other hand, problems an inadequate bounds look at when accepting incoming network traffic to the unit, therefore permitting an attacker to transmit specially-crafted traffic that could result in the execution of arbitrary code with root-level privileges or cause the gadget to reload. 1000 Collection Integrated Companies Routers (ISRs), 4000 Series ISRs, ASR 1000 Series Aggregation Companies Routers, and Cloud Services Router 1000V Collection that have the SD-WAN function enabled are impacted by the flaw.

Lastly, CVE-2021-1619 relates to an “uninitialized variable” in the authentication, authorization, and accounting (AAA) purpose of Cisco IOS XE Application that could permit an authenticated, remote adversary to “put in, manipulate, or delete the configuration of a network gadget or to corrupt memory on the unit, ensuing a DoS.”

Also addressed by Cisco are 15 high-severity vulnerabilities and 15 medium-severity flaws impacting different components of the IOS XE software program as very well as Cisco Accessibility Details platform and Cisco SD-WAN vManage Software package. Users and directors are suggested to implement the vital updates to mitigate any probable exploitation risk by destructive actors.

Identified this posting attention-grabbing? Comply with THN on Facebook, Twitter  and LinkedIn to go through more unique content material we article.