Cisco IOS Bugs Allow Unauthenticated, Remote DoS Attacks

Several Cisco products, including IOS, IOS XE, and AP software, need patching against various high-risk security vulnerabilities.

Cisco sign outside of the company headquarters
Source: MTP via Alamy Stock Photo

Cisco has released security updates for its flagship IOS and IOS XE operating system software for networking gear, as well as patches for its Access Point software.

The company's security update for Cisco IOS mitigates a total of 14 vulnerabilities, 10 of which are denial-of-service (DoS) bugs that can cause system crashes, unexpected reloads, and heap overflow. The most severe of the high-risk DoS bugs all allow exploitation by unauthenticated, remote attackers.

The other bugs allow privilege escalation, command injection, and access control list bypass.

Cisco's Access Point Software updates are for a secure boot bypass vulnerability (CVE-2024-20265), as well as another denial of service vulnerability (CVE-2024-20271). The former is "a vulnerability in the boot process [that] could allow an unauthenticated, physical attacker to bypass the Cisco Secure Boot functionality and load a software image that has been tampered with on an affected device," according to the advistory.

CISA issued a follow-up alert encouraging administrators to update their systems as soon as possible.

About the Author

Becky Bracken, Senior Editor, Dark Reading

Dark Reading

Becky Bracken is a veteran multimedia journalist covering cybersecurity for Dark Reading.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights