Could lead to disclosure of confidential info, DoS condition

Oct 17, 2018 20:31 GMT  ·  By  ·  Comment  · 
Share:             

Cisco patched 15 high and medium risk security issues in multiple products allowing attackers to induce denial of service conditions, to restart devices, to view sensitive info, and obtain access to confidential information on vulnerable systems.

Other vulnerabilities fixed by Cisco today allowed actors to conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks via a device's web-based management interface.

Out of the fifteen patched security bugs, five are denial-of-service (DoS) vulnerabilities (i.e., CVE-2018-0443, CVE-2018-0456, CVE-2018-0378, CVE-2018-0395, CVE-2018-0441), all of them categorized as high-risk issues.

No workarounds are available for any of the DoS vulnerabilities patched today by Cisco, but they are all patchable using the free software updates issued today by the vendor.

Furthermore, Cisco's Product Security Incident Response Team (PSIRT) says that they are "not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."

Out of the fifteen patched vulnerabilities, five are high-risk denial-of-service security issues

The other two high-risk security issues (CVE-2018-0417 and CVE-2018-0443) fixed today by Cisco could lead to privilege escalation and information disclosure after successful exploitation of vulnerable devices.

Moreover, the medium risk issues patched can lead to a multitude of security problems, from directory traversal and information disclosure to cross-site scripting (XSS), privilege escalation, cross-site request forgery (CSRF), and denial of service.

Just like in the case of the fixed high-risk bugs, Cisco's PSIRT did not find any of the vulnerabilities exploited in the wild.

The fifteen patched security issues affect a wide array of modules and features of the following software products: Cisco Wireless LAN Controller Software, Cisco NX-OS Software, Cisco IOS Access Points (APs) Software, Cisco SocialMiner, Cisco Enterprise NFV Infrastructure Software, Cisco Prime Collaboration Assurance, and the Cisco Aironet 1560, 1800, 2800, and 3800 Series Access Points (APs) software.

  Click to load comments
This enables Disqus, Inc. to process some of your data. Disqus privacy policy

Related Stories

Fresh Reviews

Latest News