Cisco patched over 30 vulnerabilities in its IOS software, three of which rated a critical status.
One of the three critical vulnerabilities is an issue in the Smart Install feature in IOS and IOS XE software.
An unauthenticated attacker can send specially crafted Smart Install messages to an affected device on TCP port 4786 and cause it to enter a denial-of-service (DoS) condition or execute arbitrary code.
Cisco officials said Smart Install is enabled by default on switches that have not received a recent update for automatically disabling the feature when it’s not in use.
Right now there are 250,000 vulnerable Cisco devices that have TCP port 4786 open.
Another IOS vulnerability patched by Cisco and rated critical is a backdoor that allows an attacker to remotely access a device. This security hole is introduced by the existence of an undocumented account with a default username and password. The credentials provide access to a device with privilege level 15, the highest level of access for Cisco network devices.
The last critical issue affects the quality of service (QoS) subsystem of IOS and IOS XE software. The flaw can allow a remote an unauthenticated attacker to cause a DoS condition or execute code with elevated privileges by sending malicious packets to a device.
Cisco fixed 17 high severity flaws in IOS and IOS XE software. The list includes mostly DoS issues, but some of the vulnerabilities can be exploited for remote code execution and privilege escalation.