[German]Short addendum from this week. The manufacturer Cisco has published extensive security advisories and updates for its network hardware as of September 28, 2022. The updates affect switches and wireless controllers from this manufacturer, among others. Attackers could disrupt the devices or services, or take control. The vulnerabilities are largely classified with the threat level high.
Advertising
Details can be found in the following linked security information from Cisco.
- Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst 9100 Series Access Points UDP Processing Denial of Service
- Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family DHCP Processing Denial of Service
- Cisco Wireless LAN Controller AireOS Software FIPS Mode Denial of Service
- Cisco IOS XE Software DNS NAT Protocol Application Layer Gateway Denial of Service
- Cisco IOS and IOS XE Software Common Industrial Protocol Request Denial of Service
- Cisco IOS XE Software for Catalyst Switches MPLS Denial of Service
- Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Mobility Denial of Service
- Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Access Points Privilege Escalation
- Cisco SD-WAN Software Privilege Escalation
- Cisco IOS and IOS XE Software SSH Denial of Service
- Cisco IOS XE Software IPv6 VPN over MPLS Denial of Service
- Cisco Catalyst 9100 Series Access Points Association Request Denial of Service
- Cisco SD-WAN Software Arbitrary File Corruption
- Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family SNMP Information Disclosure
- Cisco IOS XE Software for Catalyst 9200 Series Switches Arbitrary Code Execution
- Cisco Duo for macOS Authentication Bypass
- Cisco IOS XE Software Web UI Command Injection
- Cisco Software-Defined Application Visibility and Control on Cisco vManage Authentication Bypass
- Cisco Software-Defined Application Visibility and Control on Cisco vManage Static Username and Password
- Cisco IOS XE ROM Monitor Software for Catalyst Switches Information Disclosure
- Cisco SD-WAN Arbitrary File Deletion
Due to the severity of many vulnerabilities, devices should be promptly updated with the updates offered by Cisco.
Advertising