Cisco announced 26 vulnerabilities in over the last two days, including two critical flaws affecting core equipment that could grant attackers an avenue into networks.
The vulnerabilities CVE-2019-1625 and CVE-2019-1848 were a Cisco SD-WAN Solution privilege escalation vulnerability and a Cisco DNA Center authentication bypass vulnerability, respectively.
The privilege escalation vulnerability, CVE-2019-1625, is caused by insufficient authorization enforcement and could allow the attacker to make configuration changes to the system as the root user.
The authentication bypass vulnerability, CVE-2019-1848, is caused by insufficient access restriction to ports necessary for system operation and could allow an attacker to reach internal services that are not hardened for external access.
Cisco also notified users of a remote command execution vulnerability in several of its routers that can allow a remote attacker to execute arbitrary code on an affected device.