Cisco developers have fixed a number of critical vulnerabilities in the IOS XE. Bugs could be used to remotely execute arbitrary code, denial of service, or change the configuration of a vulnerable device.
The most serious of these problems was CVE-2021-34770, which scored 10 out of 10 on the CVSS vulnerability rating scale. This vulnerability could allow remote code execution on a device, without authentication and with administrator rights. The vulnerability is related to the operation of the Control and Provisioning of Wireless Access Points (CAPWAP) protocol and can also be used to provoke a denial of service (DoS).
The bug affects Catalyst 9300, 9400, and 9500 switches, Catalyst 9800 and 9800-CL controllers, and embedded wireless controllers on Catalyst access points.
The second most serious vulnerability, CVE-2021-34727 (9.8 on the CVSS scale), is a buffer overflow in IOS XE SD-WAN that can be exploited by a remote attacker (without authentication) to execute arbitrary commands with root privileges or provoke denial of service.
This issue poses a threat to 1000 and 4000 series ISR routers, 1000 series ASR routers, and 1000V series cloud service routers.
The third critical vulnerability in IOS XE, fixed this week, CVE-2021-1619 (also 9.8 on the CVSS scale), is related to the AAA (Authentication, Authorization and Accounting) functions of IOS XE. The error allows a remote and unauthenticated attacker to send NETCONF or RESTCONF requests to bypass authentication, change device configuration, or trigger a denial of service.
The company stressed that Cisco has not yet known cases of exploitation of these problems by hackers.
Catch up on more stories here
Follow us on Facebook here