Cisco Released Semi-annual Security Updates for IOS and IOS XE

September 30, 2018 | Adeline Zhang

On September 26, 2018, Cisco released its bundle of Cisco IOS and IOS XE software security advisories. The Cisco IOS and IOS XE Software Security Advisory Bundled Publication covers 13 vulnerabilities in Cisco IOS Software and Cisco IOS XE Software. One of the advisories describes a vulnerability that also exists in Cisco ASA Software. All 13 of the vulnerabilities have a Security Impact Rating (SIR) of High.

Four of the vulnerabilities affect both Cisco IOS Software and Cisco IOS XE Software. One of the vulnerabilities affects Cisco IOS Software and seven of the vulnerabilities affect Cisco IOS XE Software. One of the vulnerabilities affects Cisco IOS XE Software and Cisco ASA Software. Cisco has confirmed that none of the vulnerabilities affect Cisco NX-OS Software.

Reference links:

https://tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir#~Vulnerabilities

https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-69981

Vulnerability Description

| CVE ID | CVSS 3.0 | Description |
|---|---|---|
| CVE-2018-0472 | 8.6 | Cisco IOS XE Software and Cisco ASA 5500-X Series Adaptive Security Appliance IPsec Denial of Service Vulnerability |
| CVE-2018-0466 | 7.4 | Cisco IOS and IOS XE Software OSPFv3 Denial of Service Vulnerability |
| CVE-2018-0469 | 8.6 | Cisco IOS XE Software Web UI Denial of Service Vulnerability |
| CVE-2018-0470 | 8.6 | Cisco IOS XE Software HTTP Denial of Service Vulnerability |
| CVE-2018-0485 | 8.6 | Cisco IOS and IOS XE Software SM-1T3/E3 Service Module Denial of Service Vulnerability |
| CVE-2018-0476 | 8.6 | Cisco IOS XE Software NAT Session Initiation Protocol Application Layer Gateway Denial of Service Vulnerability |
| CVE-2018-0473 | 7.5 | Cisco IOS Software Precision Time Protocol Denial of Service Vulnerability |
| CVE-2018-0467 | 8.6 | Cisco IOS and IOS XE Software IPv6 Hop-by-Hop Options Denial of Service Vulnerability |
| CVE-2018-0477, CVE-2018-0481 | 6.7 | Cisco IOS XE Software Command Injection Vulnerabilities |
| CVE-2018-0480 | 7.4 | Cisco IOS XE Software Errdisable Denial of Service Vulnerability |
| CVE-2018-0475 | 7.4 | Cisco IOS and IOS XE Software Cluster Management Protocol Denial of Service Vulnerability |
| CVE-2018-0471 | 7.4 | Cisco IOS XE Software Cisco Discovery Protocol Memory Leak Vulnerability |
| CVE-2018-0422 | 7.3 | Cisco Webex Meetings Client for Windows Privilege Escalation Vulnerability |