Cisco Issues Patches to Fix Multiple Holes

Thursday, October 18, 2018 @ 03:10 PM gHale

Cisco patched 15 high and medium risk security issues in multiple products.

If left unpatched, attackers could leverage the vulnerabilities to create denial of service conditions, restart devices, view sensitive information, and obtain access to confidential information on vulnerable systems.

RELATED STORIES
Cisco Patches 3 Critical Vulnerabilities
Cisco Clears Default Password Hole
Cisco Clears Critical Vulnerabilities
Cisco Fixes Product Vulnerabilities

Other holes could allow actors to conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks via a device’s web-based management interface, according to a Cisco advisory.

Out of the fifteen patched security bugs, five – CVE-2018-0443, CVE-2018-0456, CVE-2018-0378, CVE-2018-0395, CVE-2018-0441 – are denial-of-service (DoS) vulnerabilities categorized as high-risk issues.

No workarounds are available for any of the DoS vulnerabilities, but they all have patches using the free software updates.

Cisco’s Product Security Incident Response Team (PSIRT) says they are “not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.”

Out of the fifteen patched vulnerabilities, five are high-risk denial-of-service security issues.

The other two high-risk security issues (CVE-2018-0417 and CVE-2018-0443) could lead to privilege escalation and information disclosure after successful exploitation of vulnerable devices.

Moreover, the medium risk issues patched can lead to directory traversal and information disclosure to cross-site scripting (XSS), privilege escalation, cross-site request forgery (CSRF), and denial of service.

Just like in the case of the fixed high-risk bugs, Cisco’s PSIRT did not find any of the vulnerabilities exploited in the wild.



Leave a Reply

You must be logged in to post a comment.