Nine security advisories address multiple vulnerabilities, including one critical and two high severity advisories
Summary
Nine security advisories address multiple vulnerabilities, including one critical and two high severity advisories
Affected platforms
The following platforms are known to be affected:
Threat details
Introduction
Cisco has released nine security advisories addressing multiple vulnerabilities, including one critical and two high severity advisories affecting Cisco Identity Services Engine (ISE), Cisco NX-OS, Cisco Expressway, Cisco IOS, Cisco IOS XE, Cisco IOS XR, Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance.
The critical vulnerability affects Cisco ISE and Cisco ISE Passive Identity Connector, software which facilitates endpoint management. The vulnerability could allow an authenticated, remote attacker to execute arbitrary commands and elevate privileges on an affected device, provided that the attacker has valid read-only administrative credentials.
One high severity advisory affects Cisco NX-OS Software, which is a network operating system. This vulnerability could allow an attacker to bypass NX-OS image signature verification and load unverified software.
The other high severity advisory details vulnerabilities affecting Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software, which are networking software systems. The vulnerabilities could allow an authenticated, remote attacker to conduct a denial-of-service (DoS) attack on an affected device.
Additionally, six medium severity advisories were also issued.
Remediation advice
Affected organisations are encouraged to review Cisco's security advisories.
Remediation steps
Definitive source of threat updates
CVE Vulnerabilities
Last edited: 6 February 2025 3:11 pm