On March 22nd of the current month, Cisco released a new Security Advisory that affects several Cisco products. Most of the vulnerabilities addressed allow remote threat actors to gain control of an affected device.
Here's a list of the vulnerabilities:
Cisco IOS XE Software Virtual Fragmentation Reassembly Denial of Service Vulnerability
Cisco IOS XE Software IOx Application Hosting Environment Privilege Escalation Vulnerability
Cisco IOS XE SD-WAN Software Command Injection Vulnerability
Cisco IOS XE Software Fragmented Tunnel Protocol Packet Denial of Service Vulnerability
Cisco IOS and IOS XE Software IPv6 DHCP (DHCPv6) Relay and Server Denial of Service Vulnerability
Cisco IOS XE Software for Wireless LAN Controllers HTTP Client Profiling Denial of Service Vulnerability
Cisco DNA Center Privilege Escalation Vulnerability
Cisco IOS XE Software for Cisco Catalyst 9300 Series Switches Secure Boot Bypass Vulnerability
Cisco Access Point Software Association Request Denial of Service Vulnerability
The following devices are among those affected by the aforementioned vulnerabilities:
1000 Series Integrated Services Routers (ISRs) | ASR 1000 Series Aggregation Services Routers |
4000 Series ISRs | Catalyst 8000 Edge Platforms Family |
Cloud Services Router (CSR) 1000V Series | Business 150 APs and 151 Mesh Extenders |
Catalyst 9100 APs | Catalyst 8000V Edge Software Routers |
Catalyst 8200 Series Edge Platforms | Catalyst 8300 Series Edge Platforms |
Catalyst 8500L Series Edge Platforms | Devices running Cisco IOS XE Software releases 17.9.1, 17.9.1a, or 17.9.1w that have a tunnel interface configured |
We highly recommend checking the release for more information on affected devices and IOS versions.