{"id":2813,"date":"2024-03-28T16:15:17","date_gmt":"2024-03-28T21:15:17","guid":{"rendered":"https:\/\/www.darkreading.com\/application-security\/cisco-ios-bugs-unauthenticated-remote-dos-attacks"},"modified":"2024-03-28T16:15:17","modified_gmt":"2024-03-28T21:15:17","slug":"cisco-ios-bugs-allow-unauthenticated-remote-dos-attacks","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/03\/28\/cisco-ios-bugs-allow-unauthenticated-remote-dos-attacks\/","title":{"rendered":"Cisco IOS Bugs Allow Unauthenticated, Remote DoS Attacks"},"content":{"rendered":"
<\/a><\/div>\n
<\/div>\n

Cisco has released security updates for its flagship IOS and IOS XE operating system software for networking gear, as well as patches for its Access Point software.<\/span><\/p>\n

The company’s <\/span>security update for Cisco IOS<\/a><\/span> mitigates a total of 14 vulnerabilities, 10 of which are denial-of-service (DoS) bugs that can cause system crashes, unexpected reloads, and heap overflow. The most severe of the high-risk DoS bugs all allow exploitation by unauthenticated, remote attackers.<\/span><\/p>\n

The other bugs allow privilege escalation, command injection, and access control list bypass.<\/span><\/p>\n

Cisco’s Access Point Software updates are for a <\/span>secure boot bypass vulnerability<\/a><\/span> (CVE-2024-20265), as well as another <\/span>denial of service vulnerability<\/a><\/span> (CVE-2024-20271). The former is “a vulnerability in the boot process [that] could allow an unauthenticated, physical attacker to bypass the Cisco Secure Boot functionality and load a software image that has been tampered with on an affected device,” according to the advistory.<\/span><\/p>\n

CISA issued a follow-up alert encouraging administrators to <\/span>update their systems<\/a><\/span> as soon as possible.<\/span><\/p>\n

Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Cisco has released security updates for its flagship IOS and<\/p>\n","protected":false},"author":12,"featured_media":2814,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[809],"class_list":["post-2813","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-dark-reading"],"featured_image_urls":{"full":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/cisco-ios-bugs-allow-unauthenticated-remote-dos-attacks-scaled.jpg?fit=2560%2C1700&ssl=1",2560,1700,false],"thumbnail":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/cisco-ios-bugs-allow-unauthenticated-remote-dos-attacks-scaled.jpg?resize=150%2C150&ssl=1",150,150,true],"medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/cisco-ios-bugs-allow-unauthenticated-remote-dos-attacks-scaled.jpg?fit=300%2C199&ssl=1",300,199,true],"medium_large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/cisco-ios-bugs-allow-unauthenticated-remote-dos-attacks-scaled.jpg?fit=640%2C425&ssl=1",640,425,true],"large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/cisco-ios-bugs-allow-unauthenticated-remote-dos-attacks-scaled.jpg?fit=640%2C425&ssl=1",640,425,true],"1536x1536":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/cisco-ios-bugs-allow-unauthenticated-remote-dos-attacks-scaled.jpg?fit=1536%2C1020&ssl=1",1536,1020,true],"2048x2048":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/cisco-ios-bugs-allow-unauthenticated-remote-dos-attacks-scaled.jpg?fit=2048%2C1360&ssl=1",2048,1360,true],"chromenews-featured":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/cisco-ios-bugs-allow-unauthenticated-remote-dos-attacks-scaled.jpg?fit=1024%2C680&ssl=1",1024,680,true],"chromenews-large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/cisco-ios-bugs-allow-unauthenticated-remote-dos-attacks-scaled.jpg?resize=825%2C575&ssl=1",825,575,true],"chromenews-medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/cisco-ios-bugs-allow-unauthenticated-remote-dos-attacks-scaled.jpg?resize=590%2C410&ssl=1",590,410,true]},"author_info":{"display_name":"Dark Reading","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/darkreading\/"},"category_info":"Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","jetpack_featured_media_url":"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/cisco-ios-bugs-allow-unauthenticated-remote-dos-attacks-scaled.jpg?fit=2560%2C1700&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/2813","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=2813"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/2813\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media\/2814"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=2813"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=2813"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=2813"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}