[German]Cisco has released critical security updates for its IOS and IOS XE network operating systems. The updates close a total of 24 critical vulnerabilities in the products. It should therefore be patched promptly.
Advertising
Cisco released the information on Sept. 24, 2020 in the semi-annual security bulletin Cisco Event Response: September 2020 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication . Cisco publishes Cisco IOS and IOS XE Software Security Advisory Bundled Publication on the fourth Wednesday of each month in March and September of each calendar year.
34 vulnerabilities closed
The Cisco IOS and IOS XE Software Security Advisory Bundled Publication, released September 24, 2020, contains 25 Cisco Security Advisories describing 34 vulnerabilities in Cisco IOS Software and Cisco IOS XE Software. Of these vulnerabilities, 25 have a High Security Impact Rating (SIR).
Cisco has released software updates that address these vulnerabilities. To quickly determine whether a particular version of Cisco IOS or IOS XE software is affected by one or more vulnerabilities, customers can use the Cisco Software Checker.
- cisco-sa-iosxe-isdn-q931-dos-67eUZBTf, Cisco IOS and IOS XE Software ISDN Q.931 Denial of Service Vulnerability, CVE-2020-3511, High 7.4
- cisco-sa-profinet-J9QMCHPB, Cisco IOS and IOS XE Software PROFINET Denial of Service Vulnerability, CVE-2020-3409, High 7.4
- cisco-sa-ios-profinet-dos-65qYG3W5, Cisco IOS and IOS XE Software PROFINET Link Layer Discovery Protocol Denial of Service Vulnerability, CVE-2020-3512 , High 7.4
- cisco-sa-splitdns-SPWqpdGW, Cisco IOS and IOS XE Software Split DNS Denial of Service Vulnerability, CVE-2020-3408, High 8.6
- cisco-sa-ios-lpwa-access-cXsD7PRA, Cisco IOS Software for Cisco Industrial Routers Virtual-LPWA Unauthorized Access Vulnerability, CVE-2020-3426, High 7.5
- cisco-sa-xbace-OnCEbyS, Cisco IOS XE Software Arbitrary Code Execution Vulnerability, CVE-2020-3417, High 6.8
- cisco-sa-COPS-VLD-MpbTvGEW, Cisco IOS XE Software Common Open Policy Service Engine Denial of Service Vulnerability, CVE-2020-3526, High 8.6
- cisco-sa-le-drTOB625, Cisco IOS XE Software Ethernet Frame Denial of Service Vulnerability, CVE-2020-3465, High 7.4
- cisco-sa-iosxe-umbrella-dos-t2QMUX37, Cisco IOS XE Software for Catalyst 9200 Series Switches Umbrella Connector Denial of Service Vulnerability, CVE-2020-3510, High 8.6
- cisco-sa-iosxe-wlc-fnfv9-EvrAQpNX, Cisco IOS XE Software for Catalyst 9800 Series and Cisco AireOS Software for Cisco WLC Flexible NetFlow Version 9 Denial of Service Vulnerability, CVE-2020-3492, High 8.6
- cisco-sa-mdns-dos-3tH6cA9J, Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers Multicast DNS Denial of Service Vulnerability, CVE-2020-3359, High 8.6
- cisco-sa-ISR4461-gKKUROhx, Cisco IOS XE Software for Cisco 4461 Integrated Services Routers Denial of Service Vulnerability, CVE-2020-3414, High 8.6
- cisco-sa-esp20-arp-dos-GvHVggqJ, Cisco IOS XE Software for Cisco ASR 1000 Series 20-Gbps Embedded Services Processor IP ARP Denial of Service Vulnerability, CVE-2020-3508, High 7.4
- cisco-sa-iosxe-rsp3-rce-jVHg8Z7c, Cisco IOS XE Software for Cisco ASR 900 Series Route Switch Processor 3 Arbitrary Code Execution Vulnerabilities, CVE-2020-3416, CVE-2020-3513, High 6.7
- cisco-sa-iosxe-dhcp-dos-JSCKX43h, Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers DHCP Denial of Service Vulnerability, CVE-2020-3509, High 8.6
- cisco-sa-ipsla-jw2DJmSv, Cisco IOS XE Software IP Service Level Agreements Denial of Service Vulnerability, CVE-2020-3422, High 8.6
- cisco-sa-ios-webui-priv-esc-K8zvEWM, Cisco IOS XE Software Privilege Escalation Vulnerabilities, CVE-2020-3141, CVE-2020-3425, High 8.8
- cisco-sa-confacl-HbPtfSuO, Cisco IOS XE Software RESTCONF and NETCONF-YANG Access Control List Denial of Service Vulnerability, CVE-2020-3407, High 8.6
- cisco-sa-webui-auth-bypass-6j2BYUc7, Cisco IOS XE Software Web UI Authorization Bypass Vulnerability. CVE-2020-3400, High 8.8
- cisco-sa-zbfw-94ckG4G, Cisco IOS XE Software Zone-Based Firewall Denial of Service Vulnerabilities, CVE-2020-3421, CVE-2020-3480, High 8.6
- cisco-sa-capwap-dos-TPdNTdyq, Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service Vulnerabilities, CVE-2020-3486, CVE-2020-3487, CVE-2020-3488, CVE-2020-3489, CVE-2020-3493, CVE-2020-3494, CVE-2020-3497, High 7.4
- cisco-sa-capwap-dos-ShFzXf, Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service Vulnerability, CVE-2020-3399, High 8.6
- cisco-sa-iosxe-ewlc-snmp-dos-wNkedg9K, Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family SNMP Trap Denial of Service Vulnerability, CVE-2020-3390, High 7.4
- cisco-sa-dclass-dos-VKh9D8k3, Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family WLAN Local Profiling Denial of Service Vulnerability, CVE-2020-3428, High 7.4
- cisco-sa-wpa-dos-cXshjerc, Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family WPA Denial of Service Vulnerability, CVE-2020-3429, High 7.4
(via)
