Folks – it’s time to tick everyone off with network maintenance windows!  Cisco PSIRT released 30 vulnerabilities in their router firmware across multiple versions of IOS and IOS EX.  Three critical vulnerabilities include one hard-coded credential affecting all IOS XE routers running IOS XE v16, and two which affect v15 under certain conditions.  Fifteen high risk vulnerabilities run the gamut from denial of service, buffer overflow, and privileged escalation.

A complete list follows, and I will update it as more come in today.

Title
Importance
Vulnerability
Requirements

Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability
Critical
Remote Code Execution
Only if Smart Install client enabled

Cisco IOS and IOS XE Software Quality of Service Remote Code Execution Vulnerability
Critical
Remote Code Execution
If “show udp” command shows active UDP connection

Cisco IOS XE Software Static Credential Vulnerability
Critical
Hardcoded Credentials
All devices running IOS XE

Cisco IOS XE Software Web UI Remote Access Privilege Escalation Vulnerability
High
Priviledge Elevation
Only affected if HTTP enabled and AAA not configured

Cisco IOS XE Software Simple Network Management Protocol Double-Free Denial of Service Vulnerability
High
Remote DoS
Only if SNMP enabled

Cisco IOS Software Simple Network Management Protocol GET MIB Object ID Denial of Service Vulnerability
High
Remote DoS
Only if SNMP enabled

Cisco IOS and IOS XE Software Smart Install Denial of Service Vulnerability
High
Remote DoS
Only if Smart Install client enabled

Cisco IOS XE Software User EXEC Mode Root Shell Access Vulnerabilities
High
Priviledge Elevation
All devices running IOS XE

Cisco IOS XE Software with Cisco Umbrella Integration Denial of Service Vulnerability
High
Remote DoS
Only if Cisco Umbrella integration active

Cisco IOS, IOS XE, and IOS XR Software Link Layer Discovery Protocol Buffer Overflow Vulnerabilities
High
Buffer Overflow
Only if LLDP is configured

Cisco IOS XE Software for Cisco Catalyst Switches IPv4 Denial of Service Vulnerability
High
Remote DoS
All devices running IOS XE including Catalyst Switches

Cisco IOS and IOS XE Software Internet Key Exchange Version 1 Denial of Service Vulnerability
High
Remote DoS
Only if IKEv1 enabled

Cisco IOS and IOS XE Software Internet Key Exchange Memory Leak Vulnerability
High
Remote DoS
Only if IKE enabled

Cisco IOS XE Software Internet Group Management Protocol Memory Leak Vulnerability
High
Remote DoS
Only if IP Multicast Routing enabled

Cisco IOS XE Software Zone-Based Firewall IP Fragmentation Denial of Service Vulnerability
High
Remote DoS
Only if “zone security” enabled

Cisco IOS Software Integrated Services Module for VPN Denial of Service Vulnerability
High
Remote DoS
Only if Cisco ISM-VPN installed and running

Cisco IOS and IOS XE Software DHCP Version 4 Relay Denial of Service Vulnerability
High
Remote DoS
Only if DHCP Relay Agent (ip helper) running and option 82 insertion/encapsulation configured

Cisco IOS and IOS XE Software DHCP Version 4 Relay Reply Denial of Service Vulnerability
High
Remote DoS
Only if DHCP Relay Agent (ip helper) running and option 82 insertion/encapsulation configured

Cisco IOS and IOS XE Software DHCP Version 4 Relay Heap Overflow Denial of Service Vulnerability
High
Remote DoS
Only if DHCP Relay Agent (ip helper) running and option 82 insertion/encapsulation configured

Cisco IOS and IOS XE Software Bidirectional Forwarding Detection Denial of Service Vulnerability
High
Remote DoS
Only select models of supervisor engine when BFD enabled

Cisco IOS XE Software Arbitrary File Write Vulnerability
Medium
Write to arbitrary files
Only affected if HTTP enabled

Cisco IOS XE Software Web UI Cross-Site Scripting Vulnerabilities
Medium
Cross-site scripting
Only affected if HTTP enabled

Cisco IOS Software Login Enhancements Login Block Denial of Service Vulnerabilities
Medium
Remote DoS
Only if Smart Install client enabled

Cisco IOS XE Software Switch Integrated Security Features IPv6 Denial of Service Vulnerability
Medium
Local DoS
Only certain models w/ integrated switch and IPv6 interface

Cisco IOS XE Software REST API Authorization Bypass Vulnerability
Medium
Authorization Bypass
Affects all IOS XE – but only if REST API used?

Cisco IOS XE Software for Cisco 4000 Series Integrated Services Routers Privileged EXEC Mode Root Shell Access Vulnerability
Medium
Priviledge Elevation
Cisco 4000 series ISRs

Cisco IOS XE Software Privileged EXEC Mode Root Shell Access Vulnerability
Medium
Priviledge Elevation
All devices running IOS XE

Cisco IOS Software 802.1x Multiple-Authentication Port Authentication Bypass Vulnerability
Medium
Authentication Bypass
Only if 802.1X in multi-auth mode

Cisco IOS XE Software CLI Command Injection Vulnerabilities
Medium
Local Command Injection
All devices running IOS XE

Cisco IOS and IOS XE Software Forwarding Information Base Denial of Service Vulnerability
Medium
Remote DoS
All devices running IOS XE