The vulnerability is due to incorrect bounds checking of certain values in packets that are destined for UDP port 9700 of an affected device.
Cisco ios xe architecture software#
This is in addition to multiple weaknesses rated at 9.8 on the CVSS in Cisco IOS software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could let an unauthenticated, remote attacker or an authenticated local attacker execute arbitrary code on an affected system or cause an affected system to crash and reload. An attacker could exploit this vulnerability by using a crafted API call to request such a token. The vulnerability is due to incorrect handling of requests for authorisation tokens. The critical warnings include a vulnerability rated at 9.8 out of 10 on the Common Vulnerability Scoring System in the authorisation controls for the Cisco IOx application-hosting infrastructure in Cisco IOS XE software could let an unauthenticated, remote attacker obtain an authorisation token and execute any of the IOx API commands on an affected device. The vendor also said customers can use the Cisco Software Checker to search for critical or high rated advisories.
Cisco ios xe architecture free#
A number of the warnings are for a command-injection vulnerability” that would let an attacker execute commands on the impacted OS.Ĭisco has released free software updates that fix the critical warnings issued this week.
0 kommentar(er)
