Cisco patches three critical holes in IOS XE software

Share on facebook
Share on twitter
Share on linkedin
Share on reddit
Share on email

Cisco has patched three critical security holes in its IOS XE software that’s used across a variety of its core routers and switches.

The three critical warnings are part of a big release of 32 security alerts, many of which are IOS XE-related, including firewall, SD-WAN and wireless access vulnerabilities.

Linux security: Cmd provides visibility, control over user activity

Of the critical patches, the worst is a weakness in the Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers; it’s rated as a 10 out of 10 on the Common Vulnerability Scoring System (CVSS).

The vulnerability could allow an unauthenticated, remote attacker to execute arbitrary code with administrative privileges or cause a denial of service (DoS) condition on an affected device. An attacker could exploit this vulnerability by sending a crafted CAPWAP packet to an affected device. CAPWAP is a networking protocol that lets users centrally manage wireless access points.

A successful exploit could allow the attacker

Read the article