Security News > 2020 > September > Cisco Patches 34 High-Severity Vulnerabilities in IOS Software
Cisco on Thursday informed customers that it has patched 34 high-severity vulnerabilities affecting its IOS and IOS XE software, including many that can be exploited remotely without authentication.
The company has released a total of 25 advisories as part of the September 2020 semiannual IOS and IOS XE Software Security Advisory Bundled Publication.
The DoS vulnerabilities that can be exploited by a remote, unauthenticated attacker are related to the Common Open Policy Service engine, incorrect packet processing, Control and Provisioning of Wireless Access Points protocol processing, RESTCONF and NETCONF-YANG access control list functions, the LPWA subsystem in industrial routers, handling of DHCP messages, the Umbrella Connector component, the Flexible NetFlow version 9 packet processor, the IP Service Level Agreement responder feature, the multicast DNS feature, the Zone-Based Firewall, and the Split DNS feature.
Cisco has also informed customers of two high-severity vulnerabilities affecting Aironet access points.
Many of the vulnerabilities were found internally by Cisco and the networking giant says it has found no evidence that the vulnerabilities have been exploited for malicious purposes.