Cisco has rolled out security enhancements for its primary IOS and IOS XE operating system software used in networking equipment, alongside patches for its Access Point software. The latest security update for Cisco IOS addresses a total of 14 vulnerabilities, with 10 classified as denial-of-service (DoS) issues capable of triggering system crashes, unexpected reloads, and heap overflow. The most critical of these high-risk DoS vulnerabilities are all susceptible to exploitation by remote attackers without authentication. Additionally, there are other vulnerabilities enabling privilege escalation, command injection, and access control list bypass. Regarding Cisco’s Access Point Software, updates are aimed at fixing a secure boot bypass vulnerability (CVE-2024-20265) and another denial of service vulnerability (CVE-2024-20271). The former poses a threat to the boot process, potentially allowing unauthenticated physical attackers to circumvent Cisco Secure Boot and load tampered software images on affected devices, as outlined in the advisory. CISA has issued a subsequent alert urging system administrators to promptly apply the updates to their systems.
[CyberSafe@Hackinbox ~]#