Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Cisco fixes 34 High-Severity flaws in IOS and IOS XE software

Cisco patched 34 high-severity flaws affecting its IOS and IOS XE software, some of them can be exploited by a remote unauthenticated attacker. Cisco on Thursday released security patches for 34 high-severity vulnerabilities affecting its IOS and IOS XE software. The IT giant issued 25 advisories as part of the September 2020 semiannual IOS and IOS […]

Cisco Catalyst

Cisco patched 34 high-severity flaws affecting its IOS and IOS XE software, some of them can be exploited by a remote unauthenticated attacker.

Cisco on Thursday released security patches for 34 high-severity vulnerabilities affecting its IOS and IOS XE software.

The IT giant issued 25 advisories as part of the September 2020 semiannual IOS and IOS XE Software Security Advisory Bundled Publication.

The company, in direct response to customer feedback, releases bundles of Cisco IOS and IOS XE Software Security Advisories on the fourth Wednesday of the month in March and September of each calendar year.

25 Security Advisories describe a total of 34 vulnerabilities in IOS Software and IOS XE Software.

Some of the issues can be exploited by a remote, unauthenticated attacker to trigger a denial-of-service (DoS) condition, and one flaw could also allow hackers to gain access to sensitive data.

The DoS flaws impacted the Common Open Policy Service (COPS) engine, incorrect packet processing, Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing, RESTCONF and NETCONF-YANG access control list functions, the LPWA subsystem in industrial routers, handling of DHCP messages, the Umbrella Connector component, the Flexible NetFlow version 9 packet processor, the IP Service Level Agreement (SLA) responder feature, the multicast DNS (mDNS) feature, the Zone-Based Firewall, and the Split DNS feature.

Two vulnerabilities can allow authenticated attackers with local access to the target devices to execute arbitrary code. One vulnerability can be exploited by an authenticated attacker to access some parts of the user interface they normally should not be able to access.

The most severe issues addressed by Cisco are:

Cisco IOS XE Software Privilege Escalation VulnerabilitiesCVE-2020-3141CVE-2020-3425High8.8
Cisco IOS XE Software Web UI Authorization Bypass VulnerabilityCVE-2020-3400High8.8

Many of the vulnerabilities were found by Cisco experts during internal assessment of the software.

Cisco confirmed that it has no evidence that the flaws have been exploited by threat actors in attacks in the wild.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, DoS)

[adrotate banner=”5″]

[adrotate banner=”13″]