One Cisco bug impacting its 800 and 1000 series routers had a CVSS severity score of 9.9.
Cisco Systems released patches for 29 bugs Wednesday that addressed flaws in a wide range of its products including routers and switches running the IOS XE networking software. Thirteen of the vulnerabilities revealed are rated high severity.
The bulk of the high-severity vulnerabilities are tied to conditions that could lead to denial-of-service attacks, while others are command injection bugs (CVE-2019-12650 and CVE-2019-12651) and one digital signature verification bypass flaw (CVE-2019-12649).
One of the bugs (CVE-2019-12648) impacts Cisco 800 and 1000 series routers running Cisco’s IOS software with “Guest OS” installed. “An exploit could allow the attacker to gain unauthorized access to the Guest OS as a root user,” the advisory states.
Interestingly, the bug (CVE-2019-12648) has a Common Vulnerability Scoring System (version 3) score of 9.9. The score should indicate a critical-severity rating, however it’s unclear why a 9.9 bug would only get a high-severity rating.
Another ISO XE bug (CVE-2019-12653), affecting Cisco’s ASR 900 series routers, “could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service condition,” Cisco wrote.
Part of Wednesday’s security alerts also included a warning to users of its L2 traceroute feature in IOS. Cisco is advising those users to disable an L2 traceroute feature in IOS for which there is public exploit code. The L2 traceroute feature is enabled by default in Cisco IOS and IOS XE Software for Cisco Catalyst switches, Cisco wrote.
Patches released on Wednesday dovetail two bugs, rated critical, addressed last week impacting the networking giant’s Cisco Data Center Network Manager. One those flaws (CVE-2019-1619) is an authentication bypass bug with a CVSS score of 9.8.
“A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device,” Cisco wrote.
The other critical bug (CVE-2019-1620) impacting the DCNM is an arbitrary file upload and remote code execution vulnerability with a CVSS rating of 9.8. Cisco said a successful exploitation of the bug “could allow an unauthenticated, remote attacker to upload arbitrary files on an affected device.”