Cisco has patched three new High risk IOS, IOS XE and IOS XR software vulnerabilities in multiple network products.
As a result, a remote attacker could potentially exploit some of these vulnerabilities to cause a denial of service (DoS) condition.
IOS and IOS XE DoS vulnerabilities
Cisco provided new updates on November 12 for two High severity patches that affect the PROFINET feature of Cisco IOS Software and Cisco IOS XE Software.
Cisco warned the first patched vulnerability CVE-2020-3409 “could allow an unauthenticated, adjacent attacker to cause an affected device to crash and reload, resulting in a denial of service (DoS) condition on the device.”
The second vulnerability CVE-2020-3512 impacts the PROFINET handler for Link Layer Discovery Protocol (LLDP) messages of Cisco IOS and IOS XE software. As a result, a hacker could also cause systems to crash.
Cisco IOS XR DoS vulnerability
Cisco also patched a High severity Cisco IOS XR DoS vulnerability CVE-2020-26070 that impacts Cisco ASR 9000 Series Aggregation Services Routers.
“The vulnerability is due to improper resource allocation when an affected device processes network traffic in software switching mode (punted). An attacker could exploit this vulnerability by sending specific streams of Layer 2 or Layer 3 protocol data units (PDUs) to an affected device,” Cisco stated in the advisory.
Cisco further added a successful exploit could cause an impacted device to run out of buffer resources and result in DoS condition.
Readers can check out the latest Cisco advisories as of November 13, 2020. System and Network administrators should deploy security updates to affected devices as soon as possible.