Cisco Security Advisory

Your workstations and servers aren’t the only systems whose operating systems (OSes) require patching. Firewalls, routers, and switches run OSes of their own and also require updates.

On June 3rd, Cisco released their semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication. In this publication, Cisco identified 20 vulnerabilities with a Security Impact Rating (SIR) of “high” and three with an SIR of “critical.” The advisory lists Cisco security risks that have CVSS scores ranging from 6.7 to 9.8 and includes denial-of-service (DoS), command injection, privilege escalation, and remote code execution (RCE) attacks.

Patching systems helps prevent attackers from exploiting any vulnerabilities in your environment, a risk that could have a significant impact on your organization. In the case of this security advisory, Cisco provides no workarounds other than patching your system to address associated vulnerabilities. While Cisco states that many of these vulnerabilities have not yet been exploited, it will not be long before attackers specifically check for systems that have not had the relevant patches applied.

As a one-time measure, applying the patch will address these specific security flaws. However, maintaining an inventory of hardware and installed software and developing a routine process to track relevant vendor-provided guidance will help mitigate future threats that exploit unpatched systems. By actively monitoring for vulnerability alerts that affect the inventoried systems in your environment, your organization can maintain an ongoing process to apply security-related patches in a timely manner.

Have any questions regarding these latest Cisco security risks and how to patch the firmware? Please contact our security experts at any time.
