Multiple Security Flaws Found In Cisco Aironet Access Point Software

Cisco has disclosed 13 big security vulnerabilities in its most recent software security advisory for Cisco IOS and Cisco IOS XE.

The company said that all administrators should review their devices to determine which version of this software they are using.

Running an outdated version could mean their devices are exposed to some of these vulnerabilities, said Cisco.

According to Cisco, these vulnerabilities could result in malicious parties gaining access to these devices, which in turn could let them run several forms of attacks – including command-injection or DDoS attacks.

CVE-2019-12648

CVE-2019-12648 is the most threatening of these vulnerabilities, and affects network operators that use the 800 and 1000 series routers.

The bug is found in a guest operating system within a virtual machine on IOS devices.

“Access to the Guest OS relies on the IOS role-based access control (RBAC) and should be restricted to users who have privilege level 15 credentials on IOS,” said Cisco.

“Exploitation of this vulnerability could allow the attacker to successfully log in to the Guest OS using a low-privileged IOS user credentials.”

While this can easily be fixed by upgrading to the latest version of IOS, those who are unable to do so can also disable the guest OS to avoid being affected by the vulnerability until an upgrade is possible.

If you need looking for some help or would like a hassle free managed firewall click here to chat to one of our team.

Leave a Reply

Your email address will not be published. Required fields are marked *