Cisco Released Security Updates & Fixed 35 Vulnerabilities That Affected Several Cisco Products

Cisco released new security updates and patches 35 vulnerabilities that affected several Cisco Products in order to protect the customers from malicious hackers.

Among 35 vulnerabilities, Cisco marked 1 vulnerability as “critical”, 27 vulnerabilities as “High”, 6 vulnerabilities fixed under medium severity category and 1 vulnerability marked under “Informational” severity.

Critical Severity flaw is a Remote Command Execution Vulnerability CVE-2019-1663 that affected Cisco RV110W, RV130W, and RV215W Routers Wireless-N VPN and Firewall management interface allows a remote attacker to execute arbitrary code on a vulnerable device.

Critical severity vulnerability affects all releases of the following Cisco products prior to those listed in Fixed Releases:

• RV110W Wireless-N VPN Firewall
• RV130W Wireless-N Multifunction VPN Router
• RV215W Wireless-N VPN Router

Remote attackers exploit this critical vulnerability by sending malicious HTTP requests to a targeted device and gained the complete control of the
affected device with high privilege.

In this Cisco security updates, 27 high severity vulnerabilities Cause some of the serious attacks including Arbitrary code execution, privilege escalation, Unauthorized Filesystem Access, Web service & LAN DDoS, command injection etc.

Medium severity vulnerabilities affected some of the enterprise Cisco products including Cisco Nexus 5600 and 6000 Series Switches,Cisco Enterprise Chat and Email, Cisco Nexus 9000 Series Fabric Switches.

Cisco NX-OS Software affected with several vulnerabilities and some of the vulnerabilities could allow an authenticated, local attacker to gain elevated privileges on an affected device.

Cisco Security updates Details

Critical

Cisco RV110W, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability

High

Cisco Adaptive Security Appliance Web Services Denial of Service Vulnerability

High

Cisco Nexus 9000 Series Switches Standalone NX-OS Mode Tetration Analytics Agent Arbitrary Code Execution Vulnerability

High

Cisco FXOS and NX-OS Lightweight Directory Access Protocol Denial of Service Vulnerabilities

High

Cisco NX-OS Software Image Signature Verification Vulnerability

High

Cisco NX-OS Software Privilege Escalation Vulnerability

High

Cisco NX-OS Software Privilege Escalation Vulnerability

High

Cisco NX-OS Software Bash Shell Privilege Escalation Vulnerability

High

Cisco Nexus 9000 Series Switches Standalone NX-OS Mode Fibre Channel over Ethernet NPV Denial of Service Vulnerability

High

Cisco NX-OS Software Netstack Denial of Service Vulnerability

High

Cisco NX-OS Software Unauthorized Filesystem Access Vulnerability

High

Cisco NX-OS Software Cisco Fabric Services Denial of Service Vulnerability

High

Cisco NX-OS Software Privilege Escalation Vulnerability

High

Cisco FXOS and NX-OS Software Unauthorized Directory Access Vulnerability

High

Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1613)

High

Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1612)

High

Cisco FXOS and NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1611)

High

Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1610)

High

Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1609)

High

Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1608)

High

Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1607)

High

Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1606)

High

Cisco NX-OS Software NX-API Command Injection Vulnerability

High

Cisco NX-OS Software 802.1X Extensible Authentication Protocol over LAN Denial of Service Vulnerability

High

Cisco NX-OS Software Bash Shell Role-Based Access Control Bypass Privilege Escalation Vulnerability

High

Cisco NX-OS Software NX-API Arbitrary Code Execution Vulnerability

High

Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Shell Escape Vulnerability

Medium

Cisco Nexus 5600 and 6000 Series Switches Fibre Channel over Ethernet Denial of Service Vulnerability

Medium

Cisco DNA Center Access Contract Stored Cross-Site Scripting Vulnerability

Medium

Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerabilities

Medium

Cisco Application Policy Infrastructure Controller IPv6 Link-Local Address Vulnerability

Medium

Cisco Nexus 9000 Series Fabric Switches Application-Centric Infrastructure Mode Arbitrary File Read Vulnerability

Medium

Cisco Nexus 9000 Series Fabric Switches Application-Centric Infrastructure Mode Privilege Escalation Vulnerability

Informational

Action Recommended to Secure the Cisco Nexus PowerOn Auto Provisioning Feature

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates also you can take the Master in Wireshark Network Analysis to keep your self-updated.

Also Read:

Hackers Exploiting More than 9000 Cisco RV320/RV325 Routers After POC published in GitHub

Unpatched Critical Flaw in Cisco Small Business Switches Allows Attackers to Bypass User Authentication

Cisco Released Security Updates & Fixed Several Vulnerabilities that Affected Cisco Products

Privilege Escalation Flaw in Cisco ASA Allows Attackers To Read or Write Files in the System