Cisco patch day closes critical vulnerabilities
Cisco has published ten security advisories as part of its bi-annual patch day. The advisories resolve a number of security vulnerabilities. The most serious vulnerability (CVSS 10) to have been addressed was in Catalyst switches running the company's IOS network operating system software. A bug in the Smart Install remote maintenance feature allowed remote attackers to execute arbitrary code on affected switches.
The other advisories fix denial-of-service (DoS) vulnerabilities in iOS, Unified Communications Manager and 1000 series routers. Cisco has released updates which fix these vulnerabilities; workarounds exist for some of the problems. As promised, Cisco has also fixed the backdoor vulnerability in its Identity Services Engine identity management software.