Old vulnerabilities in Cisco products get a second life

Many vulnerabilities rated “critical” or “high” in severity were fixed 4-5 years ago, but organizations that did not apply the patches continue to be attacked through them.

Last week, Cisco warned that hackers are exploiting more than 20 old vulnerabilities in Cisco IOS, NX-OS and HyperFlex.

“In March 2022, the Cisco Product Security Response Team (PSIRT) became aware of attempts to exploit these vulnerabilities in the wild. We still strongly recommend that customers install updated versions,” the warning said.

In five updated advisories, Cisco described in detail five critical vulnerabilities (allowing execution of arbitrary code or commands, or DoS attacks) and gave guidance on fixing them.

These are security flaws that scored 9.8 out of 10 on the CVSS scale:

  • CVE-2017-12240;

  • CVE-2018-0171;

  • CVE-2018-0125;

  • CVE-2021-1497;

  • CVE-2018-0147.

These vulnerabilities affect Cisco IOS and IOS XE, RV132W and RV134W, HyperFlex HX and Secure Access Control System (ACS).

Cisco also updated 15 advisories covering less serious flaws in Cisco IOS and IOS XE, and one advisory dedicated to RCE vulnerabilities in the Small Business RV series.

All of the advisories can be found at Cisco.

/Media reports cited above.