CISCO SEMIANNUAL SECURITY ADVISORY
Executive Summary: Cisco released its Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication on March 27, 2019. The publication describes 17 Cisco Security Advisories, covering 19 vulnerabilities in Cisco’s IOS Software and Cisco’s IOS XE Software.
These vulnerabilities each have a High Security Impact Rating. If successfully exploited, the vulnerabilities could allow an attacker to perform privilege escalation or cause a denial of service (DoS) condition on an affected device.
Six of the advisories (covering eight vulnerabilities) affect both Cisco IOS Software and Cisco IOS XE Software.
One of the vulnerabilities affects Cisco IOS Software only, and ten affect Cisco IOS XE Software only. Cisco has confirmed that none of the vulnerabilities affect Cisco NX-OS Software.
This table, sourced from Cisco, addresses each of the advisories and vulnerabilities released in this Cisco IOS and IOS XE Software Security Advisory Bundled Publication:
Detect: Cisco’s IOS Software Checker [2] can be used to detect whether a specific Cisco IOS or IOS XE Software version is affected by any of the vulnerabilities.
Affected Products: Cisco products running vulnerable releases of Cisco IOS or IOS XE Software are affected. Some vulnerabilities may require particular configurations to present themselves, but this should be investigated individually for each vulnerability.
Prevent: Cisco have released free software updates to fix the vulnerabilities listed. Updating Cisco IOS or IOS XE Software to these latest versions will prevent devices from being susceptible to these vulnerabilities.
React: It is important to utilise Cisco’s IOS Software Checker [2] to detect whether devices are affected by these vulnerabilities, and to ensure that updates are prepared and implemented for any vulnerable devices as soon as possible so that they are secured.