Cisco patch day fixes nine IOS vulnerabilities
As part of its bi-annual patch day, Cisco has published nine security advisories for its IOS network operating system. These advisories address a number of vulnerabilities, one of which (CVSS 8.5) could allow unauthorised remote users to gain administrative access via a privilege escalation exploit.
The other eight advisories cover denial-of-service (DoS) vulnerabilities. Several bugs in Cisco's IOS Zone-Based Firewall which left it vulnerable to denial of service attacks. Other issues involve DoS problems when initiating NAT sessions, during Internet Key Exchange (IKE), establishing reverse SSH sessions, performing traffic optimisation, handling multicast source discovery or while using IOS's Smart Install feature.