Cisco security updates

Cisco released new security updates and patches 35 vulnerabilities that affected several Cisco Products in order to protect the customers from malicious hackers.

Among 35 vulnerabilities, Cisco marked 1 vulnerability as “critical”, 27 vulnerabilities as “High”, 6 vulnerabilities fixed under medium severity category and 1 vulnerability marked under “Informational” severity.

Critical Severity flaw is a Remote Command Execution Vulnerability CVE-2019-1663 that affected Cisco RV110W, RV130W, and RV215W Routers Wireless-N VPN and Firewall management interface allows a remote attacker to execute arbitrary code on a vulnerable device.

Critical severity vulnerability affects all releases of the following Cisco products prior to those listed in Fixed Releases:

  • RV110W Wireless-N VPN Firewall
  • RV130W Wireless-N Multifunction VPN Router
  • RV215W Wireless-N VPN Router

Remote attackers exploit this critical vulnerability by sending malicious HTTP requests to a targeted device and gained the complete control of the
affected device with high privilege.

In this Cisco security updates, 27 high severity vulnerabilities Cause some of the serious attacks including Arbitrary code execution, privilege escalation, Unauthorized Filesystem Access, Web service & LAN DDoS, command injection etc.

Medium severity vulnerabilities affected some of the enterprise Cisco products including Cisco Nexus 5600 and 6000 Series Switches,Cisco Enterprise Chat and Email, Cisco Nexus 9000 Series Fabric Switches.

Cisco NX-OS Software affected with several vulnerabilities and some of the vulnerabilities could allow an authenticated, local attacker to gain elevated privileges on an affected device.

Cisco Security updates Details

Critical
Cisco RV110W, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability
High
Cisco Adaptive Security Appliance Web Services Denial of Service Vulnerability
High
Cisco Nexus 9000 Series Switches Standalone NX-OS Mode Tetration Analytics Agent Arbitrary Code Execution Vulnerability
High
Cisco FXOS and NX-OS Lightweight Directory Access Protocol Denial of Service Vulnerabilities
High
Cisco NX-OS Software Image Signature Verification Vulnerability
High
Cisco NX-OS Software Privilege Escalation Vulnerability
High
Cisco NX-OS Software Privilege Escalation Vulnerability
High
Cisco NX-OS Software Bash Shell Privilege Escalation Vulnerability
High
Cisco Nexus 9000 Series Switches Standalone NX-OS Mode Fibre Channel over Ethernet NPV Denial of Service Vulnerability
High
Cisco NX-OS Software Netstack Denial of Service Vulnerability
High
Cisco NX-OS Software Unauthorized Filesystem Access Vulnerability
High
Cisco NX-OS Software Cisco Fabric Services Denial of Service Vulnerability
High
Cisco NX-OS Software Privilege Escalation Vulnerability
High
Cisco FXOS and NX-OS Software Unauthorized Directory Access Vulnerability
High
Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1613)
High
Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1612)
High
Cisco FXOS and NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1611)
High
Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1610)
High
Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1609)
High
Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1608)
High
Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1607)
High
Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1606)
High
Cisco NX-OS Software NX-API Command Injection Vulnerability
High
Cisco NX-OS Software 802.1X Extensible Authentication Protocol over LAN Denial of Service Vulnerability
High
Cisco NX-OS Software Bash Shell Role-Based Access Control Bypass Privilege Escalation Vulnerability
High
Cisco NX-OS Software NX-API Arbitrary Code Execution Vulnerability
High
Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Shell Escape Vulnerability
Medium
Cisco Nexus 5600 and 6000 Series Switches Fibre Channel over Ethernet Denial of Service Vulnerability
Medium
Cisco DNA Center Access Contract Stored Cross-Site Scripting Vulnerability
Medium
Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerabilities
Medium
Cisco Application Policy Infrastructure Controller IPv6 Link-Local Address Vulnerability
Medium
Cisco Nexus 9000 Series Fabric Switches Application-Centric Infrastructure Mode Arbitrary File Read Vulnerability
Medium
Cisco Nexus 9000 Series Fabric Switches Application-Centric Infrastructure Mode Privilege Escalation Vulnerability
Informational
Action Recommended to Secure the Cisco Nexus PowerOn Auto Provisioning Feature

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Master in Wireshark Network Analysis to keep your self-updated.

Also Read:

Hackers Exploiting More than 9000 Cisco RV320/RV325 Routers After POC published in GitHub

Unpatched Critical Flaw in Cisco Small Business Switches Allows Attackers to Bypass User Authentication

Cisco Released Security Updates & Fixed Several Vulnerabilities that Affected Cisco Products

Privilege Escalation Flaw in Cisco ASA Allows Attackers To Read or Write Files in the System