INSUBCONTINENT EXCLUSIVE:
In is bi-annual software security advisory bundle for its Cisco IOS and IOS XE products, Cisco has disclosed more than a dozen high-severity
vulnerabilities in its network automation software.The networking giant is recommending that all admins review which versions of Cisco IOS
and IOS XE their devices are running to make sure that they have been updated to versions that address the 13 separate flaws it
discovered.The 13 high-severity vulnerabilities disclosed by Cisco could give an attacker unauthorized access to an affected device, allow
them to run a command-injection attack, or deplete a device's resources which would lead to a denial of service.The CVE-2019-12648 bug in
the IOx application environment of IOS is the most severe and it affects large network operators who use the company's 800 Series
Industrial Integrated Services Routers and its 1000 Series Connected Grid Routers
Luckily though, the bug is contained within a guest operating system running on a virtual machine of an affected IOS device
However, it can be remedied by upgrading to a fixed version of IOS but if this is not possible, Cisco suggests that users disable the guest
OS and it provided instructions on how to uninstall it in its advisory.Cisco has also published an advisory regarding an issue in the Layer
2 network traceroute utility in IOS and IOS XE
Cisco Catalyst switches have this feature enabled by default and according to the company, public exploit code is already available for this
issue.The L2 traacerout server does not require authentication by design and this means that an attacker can collect loads of information
about an affected device including the hostname, hardware model, configured interfaces and IP addresses, VLAN database, Mac address, Layer 2
issue, users can disable their L2 tracerouter server manually or upgrade to a version of IOS or IOS XE that has it disabled by default
However, the later won't be possible until later this year when Cisco releases updated versions of the software.Via ZDNet
