Update now: Cisco warns over 25 high-impact flaws in its IOS and IOS XE software

From zdnet.com

Cisco has alerted customers using its IOS and ISO XE networking gear software to apply updates for 34 flaws across 25 high-severity security advisories. 

The large number of flaws affecting ISO and ISO XE are due to the advisories being announced as part of Cisco’s semi-annual release for the widely used software for Cisco routers and network switches, which happens in April and September. 

Cisco’s IOS stands for Internetworking Operating System and is based on Linux. 

There are two advisories with a severity score of 8.8, the highest of this release’s 25 high-severity advisories. One, tracked as CVE-2020-3400, is an authorization bypass vulnerability in the Cisco IOS XE software web user interface (UI) that may allow a remote attacker with valid credentials to use part of the UI. It’s due to insufficient authorization of web UI access requests and could allow a user with read-only rights to perform actions with Admin user rights.

Read more…