Security Alert (A18-09-07): Multiple Vulnerabilities in Cisco Products


 

Published on: 28 September 2018

  
  

Description:

Cisco has released 21 security advisories fixing a number of vulnerabilities in Cisco IOS and IOS XE software. A remote attacker could exploit the vulnerabilities by sending a specially crafted packets, frames or messages to an affected system. An authenticated local attacker could bypass authentication or exploit the vulnerabilities by injecting commands, or uploading a malicious software image or file to an affected system.

 

Affected Systems:

  • Cisco products running Cisco IOS or IOS XE Software

 

Impact:

Depending on the vulnerabilities exploited, a successful attack could lead to privileges escalation, arbitrary commands execution, security control bypass, denial of service or system reload on an affected device.

 

Recommendation:

Patches for affected systems are now available. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk. For detailed information of the available patches, please refer to the section "Fixed Software" of corresponding security advisory at vendor's website.

Users should contact their product support vendors for the fixes and assistance.

 

More Information:

https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-69981
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-catalyst6800
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-cdp-dos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-cdp-memleak
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-cmp
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-digsig
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-errdisable
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-iosxe-cmdinj
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-ipsec
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-ipv6hbh
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-ir800-memwrite
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-macsec
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-ospfv3-dos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-pnp-memleak
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-privesc
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-ptp
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-shell-access
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-sip-alg
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-sm1t3e3
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-tacplus
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-vtp
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-webdos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-webuidos
https://www.hkcert.org/my_url/en/alert/18092701
https://www.us-cert.gov/ncas/current-activity/2018/09/26/Cisco-Releases-Security-Updates-Multiple-Products
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0466
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0467
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0469
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0470
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0471
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0472
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0473
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0475
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0476
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0477
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0480
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0481
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0485
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15368
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15369
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15370
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15371
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15372
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15373
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15374
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15375
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15376
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15377

 



Tag: Cisco , Cisco IOS
Tags