Cisco is plugging security leaks in the router operating system IOS XR. Three of them are high-risk gaps, while four are medium-level threats.
The SSH client feature of Cisco's IOS Due to a vulnerability in the Layer 2 Ethernet service, unauthenticated attackers from the network can provoke a reset of the line card processor and thus paralyze the device (Denial of Service, DoS).
Cisco IOS XR: Three high-risk vulnerabilities
The PPPoE feature of Cisco IOS of Service. Cisco considers gaps in the SCP and SFTP service, incorrect rights checks on the MPLS and pseudowire interfaces, denial-of-service gaps in the DHCP service and the potential bypassing of protection guidelines for access to the SNMP service to be less serious.
The security advisories contain further information, such as temporary countermeasures or links to updated software:
- Cisco IOS XR Software SSH Privilege Escalation Vulnerability (CVE-2024-20320, CVSS 7.8, risk high)
- Cisco IOS XR Software Layer 2 Services Denial of Service Vulnerability (CVE-2024-20318, CVSS 7.4, high)
- Cisco IOS XR Software for ASR 9000 Series Aggregation Services Routers PPPoE Denial of Service Vulnerability (CVE-2024-20327, CVSS 7.4, high)
- Cisco IOS XR Software Authenticated CLI Secure Copy Protocol and SFTP Denial of Service Vulnerability (CVE-2024-20262, CVSS 6.5, medium)
- Cisco IOS XR Software MPLS and Pseudowire Interfaces Access Control List Bypass Vulnerabilities (CVE-2024-20315 & CVE-2024-20322, CVSS 5.8, medium)
- Cisco IOS XR Software DHCP Version 4 Server Denial of Service Vulnerability (CVE-2024-20266, CVSS 5.3, medium)
- Cisco IOS XR Software SNMP Management Plane Protection ACL Bypass Vulnerability (CVE-2024-20319, CVSS 4.3, medium)
In the past week, Cisco had already patched vulnerabilities in several products. Updates have since been available for Cisco AppDynamics, Duo Authentication, Secure Client, Secure Client for Linux and wireless access points in the small business series.
(dmk)