Cisco Releases Security Advisories for Multiple Products

Cisco has released security advisories for vulnerabilities affecting multiple Cisco products. A remote cyber threat actor could exploit these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following advisories and apply the necessary updates:

• Cisco IOS XE Software Virtual Fragmentation Reassembly Denial of Service Vulnerability cisco-sa-ipv4-vfr-dos-CXxtFacb
• Cisco IOS XE Software IOx Application Hosting Environment Privilege Escalation Vulnerability cisco-sa-iox-priv-escalate-Xg8zkyPk
• Cisco IOS XE SD-WAN Software Command Injection Vulnerability cisco-sa-ios-xe-sdwan-VQAhEjYw
• Cisco IOS XE Software Fragmented Tunnel Protocol Packet Denial of Service Vulnerability cisco-sa-ios-gre-crash-p6nE5Sq5
• Cisco IOS and IOS XE Software IPv6 DHCP (DHCPv6) Relay and Server Denial of Service Vulnerability cisco-sa-ios-dhcpv6-dos-44cMvdDK
• Cisco IOS XE Software for Wireless LAN Controllers HTTP Client Profiling Denial of Service Vulnerability cisco-sa-ewlc-dos-wFujBHKw
• Cisco DNA Center Privilege Escalation Vulnerability cisco-sa-dnac-privesc-QFXe74RS
• Cisco IOS XE Software for Cisco Catalyst 9300 Series Switches Secure Boot Bypass Vulnerability cisco-sa-c9300-spi-ace-yejYgnNQ
• Cisco Access Point Software Association Request Denial of Service Vulnerability cisco-sa-ap-assoc-dos-D2SunWK2

For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

Please share your thoughts. We recently updated our anonymous Product Feedback Survey; we’d welcome your feedback.
 

Source link