
Cisco patches remote code execution flaws in IOS and IOS XE


Cisco released a series of updates to address vulnerabilities affecting its IOS and IOS XE products, one of which could have allowed remote code execution in both products.

Other issues affecting both systems included an Internet Key Exchange denial-of-service vulnerability and a Plug-and-Play PKI API certificate validation vulnerability, according to a Sept. 27 US-CERT alert post.

“US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates,” the post said.

Updates for IOS XE addressed a web UI privilege escalation vulnerability, a web UI REST API authentication bypass vulnerability, a wireless controller manager denial-of-service vulnerability, and a software Locator/ID Separation Protocol authentication bypass vulnerability, among others.

The IOS updates included patches that addressed Common Industrial Protocol request denial-of-service vulnerabilities, a network address translation denial-of-service vulnerability, and a Cisco Industrial Ethernet switches PROFINET denial-of-service vulnerability.
