Cisco Releases Patches 3 New Critical Flaws Affecting IOS XE Software – Tempemail

IOS XE Software

Networking equipment maker Cisco Systems has rolled out patches to address three critical security vulnerabilities in its IOS XE network operating system that remote attackers could potentially abuse to execute arbitrary code with administrative privileges and trigger a denial-of-service (DoS) condition on vulnerable devices.

The list of three flaws is as follows –

  • CVE-2021-34770 (CVSS score: 10.0) – Cisco IOS XE Software for Catalyst 9000 Family Wireless Controllers CAPWAP Remote Code Execution Vulnerability
  • CVE-2021-34727 (CVSS score: 9.8) – Cisco IOS XE SD-WAN Software Buffer Overflow Vulnerability
  • CVE-2021-1619 (CVSS score: 9.8) – Cisco IOS XE Software NETCONF and RESTCONF Authentication Bypass Vulnerability

The most severe of the issues is CVE-2021-34770, which Cisco calls a “logic error” that occurs during the processing of CAPWAP (Control And Provisioning of Wireless Access Points) packets that enable a central wireless Controller to manage a group of wireless access points.

“An attacker could exploit this vulnerability by sending a crafted CAPWAP packet to an affected device,” the company noted in its advisory. “A successful exploit could allow the attacker to execute arbitrary code with administrative privileges or cause the affected device to crash and reload, resulting in a DoS condition.”

CVE-2021-34727, on the other hand, concerns an insufficient bounds check when accepting incoming network traffic to the device, thus allowing an attacker to transmit specially-crafted traffic that could result in the execution of arbitrary code with root-level privileges or cause the device to reload. 1000 Series Integrated Services Routers (ISRs), 4000 Series ISRs, ASR 1000 Series Aggregation Services Routers, and Cloud Services Router 1000V Series that have the SD-WAN feature enabled are impacted by the flaw.

Lastly, CVE-2021-1619 relates to an “uninitialized variable” in the authentication, authorization, and accounting (AAA) function of Cisco IOS XE Software that could permit an authenticated, remote adversary to “install, manipulate, or delete the configuration of a network device or to corrupt memory on the device, resulting a DoS.”

Also addressed by Cisco are 15 high-severity vulnerabilities and 15 medium-severity flaws affecting different components of the IOS XE software as well as Cisco Access Points platform and Cisco SD-WAN vManage Software. Users and administrators are recommended to apply the necessary updates to mitigate any potential exploitation risk by malicious actors.

'+n+'...
'+a+"...
"}s+="http://thehackernews.com/",document.getElementById("result").innerHTML=s}}),t=!0)})}); //]]>

Try tempemail.co and you can view content, post comments or download something anonymously on Internet and anti virus to discover the whole new IT world. 10 minutes Tempemail – Also known by names like : 10minemail, 10minutemail, 10mins email, Tempemail 10 minutes, 10 minute e-Tempemail, 10min Tempemail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes. https://tempemail.co/– is most advanced throwaway email service that helps you avoid spam and stay safe.

Related Post