Tuesday, April 16, 2024

Cisco Released IOS XR Software Security Advisory


Cisco Systems, Inc., announced the release of its semiannual security advisory bundle, which addresses critical vulnerabilities in its IOS XR Software.

This publication is part of Cisco’s commitment to transparency and continuous improvement in cybersecurity. It aligns with their scheduled advisory releases on the second Wednesday of March and September each year.

Cisco’s decision to release bundled advisories directly results from customer feedback.

The company acknowledges the importance of customer input in shaping its security protocols and updating schedules.

This customer-centric approach ensures that users are well-informed and can plan their maintenance activities effectively.

Details of the March 2024 Security Advisories

The latest release includes eight advisories that detail nine vulnerabilities affecting Cisco IOS XR Software.


Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.


The problem of vulnerability fatigue today
Difference between CVSS-specific vulnerability vs risk-based vulnerability
Evaluating vulnerabilities based on the business impact/risk
Automation to reduce alert fatigue and enhance security posture significantly

AcuRisQ, that helps you to quantify risk accurately:

If left unpatched, these vulnerabilities could allow attackers to exploit the system, leading to potential unauthorized access, denial of service, or other malicious activities.

The following table identifies Cisco Security content that is associated with this bundled publication:

Cisco Security AdvisoryCVE IDSecurity Impact RatingCVSS Base ScoreCisco IOS XR Software SSH Privilege Escalation VulnerabilityCVE-2024-20320High7.8Cisco IOS XR Software for ASR 9000 Series Aggregation Services Routers PPPoE Denial of Service VulnerabilityCVE-2024-20327High7.4Cisco IOS XR Software Layer 2 Services Denial of Service VulnerabilityCVE-2024-20318High7.4Cisco IOS XR Software iPXE Boot Signature Bypass VulnerabilityCVE-2023-20236Medium6.7Cisco IOS XR Software Authenticated CLI Secure Copy Protocol and SFTP Denial of Service VulnerabilityCVE-2024-20262Medium6.5Cisco IOS XR Software MPLS and Pseudowire Interfaces Access Control List Bypass VulnerabilitiesCVE-2024-20315 CVE-2024-20322Medium5.8Cisco IOS XR Software DHCP Version 4 Server Denial of Service VulnerabilityCVE-2024-20266Medium5.3Cisco IOS XR Software SNMP Management Plane Protection ACL Bypass VulnerabilityCVE-2024-20319Medium4.3

Cisco has identified these issues and provided software updates to mitigate the risks associated with these vulnerabilities.

Importance of Software Updates

Cisco strongly recommends that customers apply the provided updates as soon as possible.

Software updates are a crucial defense against cyber threats, and keeping systems up-to-date is essential for maintaining network security and integrity.

Customers can access updates and detailed information about each vulnerability on the Cisco Security Advisories page.

Customers can view the detailed advisories and obtain the necessary software updates by visiting the Cisco Security Advisory website at Cisco Security Advisories.

Here, users can find comprehensive information about the vulnerabilities, affected products, and steps to apply the updates.

Cisco’s Commitment to Security

Cisco’s regular security advisory publications underscore the company’s dedication to cybersecurity and proactive approach to addressing potential threats.

Cisco is committed to protecting its clients’ network environments by adhering to a predictable release schedule and actively incorporating customer feedback.

With Perimeter81 malware protection, you can block malware, including Trojans, ransomware, spyware, rootkits, worms, and zero-day exploits. All are incredibly harmful and can wreak havoc on your network.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.

The post Cisco Released IOS XR Software Security Advisory appeared first on Cyber Security News.

“}]]   Read More 

Cyber Security News