Cisco systems recently released a patch to repair a high-risk vulnerability in its routers.
The patch was made available to repair a dangerous flaw that affects the Cisco Network Convergence System (NCS) 6000 Series Routers’ software called Cisco iOS XR. The said vulnerability can cause denial-of-service conditions, placing damaged devices in a non-operational state.
This flaw can be exploited by attackers by initiating a number of management connections to an affected device over the Secure Shell (SSH), Secure Copy Protocol (SCP), or Secure FTP (SFTP).
Cisco rated this vulnerability as high severity because it affects the availability of an important piece of equipment, like a router. With this flaw, users are highly advised to install the newly released patches.
Meanwhile, another flaw was also fixed in the Cisco iOS XR software that could allow attackers to perform arbitrary commands on the operating system. The vulnerability affecting the iOS XR Software Release 6.0.1.BASE was rated medium severity as the attacker will still need to be authenticated as a local user.
Another focus of this week’s patch releases were the Cisco’s meeting servers. One flaw in the Cisco Meeting Server’s HTTP interface was fixed because it could have enabled attackers to fire persistent cross-site scripting (XSS) attacks against users.
(Photo Source: InfoWorld)