Security Alert (A18-09-07): Multiple Vulnerabilities in Cisco Products
28 September 2018
Cisco has released 21 security advisories fixing a number of vulnerabilities in Cisco IOS and IOS XE software. A remote attacker could exploit the vulnerabilities by sending a specially crafted packets, frames or messages to an affected system. An authenticated local attacker could bypass authentication or exploit the vulnerabilities by injecting commands, or uploading a malicious software image or file to an affected system.
Cisco products running Cisco IOS or IOS XE Software
Depending on the vulnerabilities exploited, a successful attack could lead to privileges escalation, arbitrary commands execution, security control bypass, denial of service or system reload on an affected device.
Patches for affected systems are now available. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk. For detailed information of the available patches, please refer to the section "Fixed Software" of corresponding security advisory at vendor's website.
Users should contact their product support vendors for the fixes and assistance.