Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Cisco Warns of Many Old Vulnerabilities Being Exploited in Attacks

Cisco has updated multiple security advisories to warn of the malicious exploitation of severe vulnerabilities impacting its networking devices.

Many of the bugs, which carry severity ratings of ‘critical’ or ‘high’, have been addressed 4-5 years ago, but organizations that haven’t patched their devices continue to be impacted.

Cisco has updated multiple security advisories to warn of the malicious exploitation of severe vulnerabilities impacting its networking devices.

Many of the bugs, which carry severity ratings of ‘critical’ or ‘high’, have been addressed 4-5 years ago, but organizations that haven’t patched their devices continue to be impacted.

Last week, the tech giant added exploitation warnings to more than 20 advisories detailing security defects in Cisco IOS, NX-OS, and HyperFlex software.

“In March 2022, the Cisco Product Security Incident Response Team (PSIRT) became aware of additional attempted exploitation of this vulnerability in the wild. Cisco continues to strongly recommend that customers upgrade to a fixed software release to remediate this vulnerability,” the warning reads.

Five of the updated advisories resolve critical-severity vulnerabilities that could allow remote attackers to execute arbitrary code (RCE), cause a denial-of-service (DoS) condition, or execute arbitrary commands.

Carrying a CVSS score of 9.8, the exploited vulnerabilities are tracked as CVE-2017-12240, CVE-2018-0171, CVE-2018-0125, CVE-2021-1497, and CVE-2018-0147, and impact Cisco IOS and IOS XE, the RV132W and RV134W routers, HyperFlex HX, and Secure Access Control System (ACS).

Cisco also updated 15 advisories that deal with high-severity flaws in Cisco IOS and IOS XE, and one that addresses a high-severity arbitrary command execution issue in Small Business RV series routers. Several advisories detailing medium-severity bugs were also updated.

The US Cybersecurity and Infrastructure Security Agency (CISA) added these vulnerabilities to its Known Exploited Vulnerabilities Catalog months ago, but there does not appear to be any information regarding the attacks exploiting many of these flaws.

Advertisement. Scroll to continue reading.

Organizations are advised to review the advisories on Cisco’s security page and apply necessary patches as soon as possible.

Related: Cisco Working on Patch for Publicly Disclosed IP Phone Vulnerability

Related: Cisco Secure Email Gateway Filters Bypassed Due to Malware Scanner Issue

Related: Cisco Patches High-Severity Bugs in Email, Identity, Web Security Products

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Karl Triebes has joined Ivanti as Chief Product Officer.

Steven Hernandez has joined USAID as CISO and Deputy CIO.

Data security and privacy firm Protegrity has named Michael Howard as its CEO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.