Cisco this week announced the availability of patches for a series of critical vulnerabilities in IOS XE software that could be exploited to execute arbitrary code remotely, cause denial of service, or manipulate device configuration.
The most severe of these issues is CVE-2021-34770 (CVSS score of 10), which could lead to remote code execution without authentication, with administrator privileges.
Residing in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of IOS XE software for Catalyst 9000 wireless controllers, the bug can also be exploited to cause a denial of service (DoS) condition.
According to Cisco, because the process of validating CAPWAP packets is flawed, an attacker could send a crafted packet to a vulnerable device to run arbitrary code or cause the device to crash and reload.
The security hole affects Catalyst 9300, 9400, and 9500 series switches, Catalyst 9800 and 9800-CL wireless controllers, and embedded wireless controllers on catalyst access points.
Cisco also addressed a buffer overflow in IOS XE SD-WAN, which could be exploited by an unauthenticated, remote attacker to execute arbitrary commands with root privileges or cause a denial of service condition.
Tracked as CVE-2021-34727 (CVSS score of 9.8), the vulnerability exists due to insufficient bounds checking during the processing of traffic. Affected products include 1000 and 4000 series integrated services routers (ISRs), 1000 series aggregation services routers (ASR), and cloud services router 1000V series.
The third critical vulnerability Cisco patched in IOS XE this week is CVE-2021-1619 (CVSS score of 9.8), which resides in the authentication, authorization, and accounting (AAA) function of the platform.
Due to an uninitialized variable, the bug allows for an unauthenticated, remote attacker to send NETCONF or RESTCONF requests to bypass authentication and manipulate the configuration of the device or cause denial of service.
Cisco has released patches for all three vulnerabilities and says that it is not aware of them being exploited in the wild.
The patches were released as part of Cisco’s September 2021 bundle of security advisories for IOS and IOS XE software, which consists of a total of 25 advisories describing 27 vulnerabilities in these platforms, including 13 high-severity and 11 medium-severity flaws.
Related: Cisco Patches Critical Enterprise NFVIS Vulnerability for Which PoC Exploit Is Available
Related: Cisco: Critical Flaw in Older SMB Routers Will Remain Unpatched
Related: Cisco Patches Serious Vulnerabilities in Data Center Products