Egg on Cisco's face: Three critical software bugs to fix over Easter

Pick your poison in IOS and IOS XE: denial-of-service or remote code execution?

By Richard Chirgwin

Cisco’s ruined Easter for netadmins by revealing three critical-rated flaws, with fixes landing today.

The company’s IOS and IOS XE software need patching against two bugs, CVE-2018-0151 and CVE-2018-171. CVE-2018-0151 is a bounds-checking error in IOS/IOS XE’s quality-of-service subsystem, and can be attacked using malicious packets to UDP port 18999. A successful attack triggers a buffer overrun, causing either a denial-of-service (DoS) or remote code execution (RCE).
