Cisco recently released a publication bundle of security advisories for its Cisco IOS and IOS XE Software, the operating systems that run Cisco’s routers and switches. The bundle contains 20 security advisories that describe 22 vulnerabilities in Cisco IOS & IOS XE Software.
Successful exploitation of the vulnerabilities could allow an attacker to gain unauthorized access to an affected device, gain elevated privileges for an affected device, execute arbitrary code, and/or cause a denial of service (DoS) condition on an affected device. As of April 9, 2018, there are reports of these vulnerabilities being actively exploited in the wild.
Cisco has released software updates that address these vulnerabilities, and due to their critical nature, Cisco and CTComp recommend patching affected systems as soon as possible. If you would like assistance in updating the Cisco IOS software on the affected routers and switches in your environment, please send an email to service@ctcomp.com to create a support ticket. Time to assess and update affected systems will be billed as needed.
Additional details on these vulnerabilities, including links to the individual advisories contained in the bundled publication as well as the specific CVE (Common Vulnerabilities & Exposures) numbers, can be found here: https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-66682
To quickly determine if a specific Cisco IOS or IOS XE Software release is affected by one or more of these vulnerabilities, Cisco has made available a Cisco IOS Software Checker tool that can be found here: https://tools.cisco.com/security/center/softwarechecker.x