Cisco has released security updates for its flagship IOS and IOS XE operating system software for networking gear, as well as patches for its Access Point software.
The company’s security update for Cisco IOS mitigates a total of 14 vulnerabilities, 10 of which are denial-of-service (DoS) bugs that can cause system crashes, unexpected reloads, and heap overflow. The most severe of the high-risk DoS bugs all allow exploitation by unauthenticated, remote attackers.
The other bugs allow privilege escalation, command injection, and access control list bypass.
Cisco’s Access Point Software updates are for a secure boot bypass vulnerability (CVE-2024-20265), as well as another denial-of-service vulnerability (CVE-2024-20271). The former is “a vulnerability in the boot process [that] could allow an unauthenticated, physical attacker to bypass the Cisco Secure Boot functionality and load a software image that has been tampered with on an affected device,” according to the advisory.
CISA issued a follow-up alert encouraging administrators to update their systems as soon as possible.