Cisco has released security updates for its flagship IOS and IOS XE operating system software for network devices, as well as patches for its Access Point software.
The company's security update for Cisco IOS mitigates a total of 14 vulnerabilities, 10 of which are denial-of-service (DoS) bugs that can cause system crashes, unexpected reloads, and heap overflows. The most serious of the high-risk DoS bugs all allow exploitation by remote, unauthenticated attackers.
The other bugs allow for privilege escalation, command injection, and access control list bypass.
The Cisco Access Point software updates address a secure boot bypass vulnerability (CVE-2024-20265), as well as a denial-of-service vulnerability (CVE-2024-20271). The first is “a vulnerability in the boot process [that] could allow an unauthenticated physical attacker to bypass the Cisco Secure Boot feature and upload a software image that has been tampered with to an affected device,” according to the advisory.
CISA issued a follow-up notice encouraging administrators to update their systems as soon as possible.