Cisco has patched 26 High severity Cisco IOS and IOS XE software vulnerabilities for multiple network products. The company also patched one Catalyst 9200 switch vulnerability and two Cisco Aironet Access Point security bugs.
As a result, a remote attacker could potentially exploit some of these vulnerabilities to take control of an impacted device or cause a denial of service (DoS).
Cisco IOS and IOS XE software
In all, Cisco patched quite a number (26) High severity Cisco IOS and IOS XE software vulnerabilities that affect a wide range of network products and issues.
Here is a summary of the High severity issues patched by Cisco on September 24:
Aironet Access Points
Also, Cisco patched 2 Aironet Access Point vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS).
Those Aironet DoS vulnerabilities include:
|Cisco Aironet Access Points Ethernet Wired Clients Denial of Service Vulnerability||CVE-2020-3552|
|Cisco Aironet Access Points UDP Flooding Denial of Service Vulnerability||CVE-2020-3560|
The Aironet ethernet wired DoS vulnerability CVE-2020-3552 affects Aironet 1540, 1560, 1810, 1815, 1840, 1850, 2800 and 3800 Series APs, that provide network access to wired clients and are also configured for 802.1q tagging.
For the second Aironet UDP Flooding DoS vulnerability CVE-2020-3560, Cisco warns that “a successful exploit could either allow the attacker to tear down the connection between the AP and the wireless LAN controller, resulting in the affected device not being able to process client traffic, or cause the vulnerable device to reload, triggering a DoS condition.”
Cisco also patched one Cisco Catalyst 9200 switch vulnerability that could allow an unauthenticated, remote attacker to crash the device:
Finally, Cisco also patched 13 Medium rated vulnerabilities for IOS, IOS XE or Aironet software and multiple network products.
Check out the latest Cisco advisories as of September 24, 2020. System and Network administrators should deploy security updates to affected devices as soon as possible.
- Cisco patches Critical Jabber RCE vulnerability (CVE-2020-3495) and 15 other security fixes
- Cisco warns of IOS XR zero-day vulnerability exploit in the wild (CVE-2020-3566)
- Alert: Threat actors continue to exploit patched Pulse Secure VPN devices
- Organizations need heightened level of Enterprise VPN security in the wake of Coronavirus Pandemic