Pick your poison in IOS and IOS XE: denial-of-service or remote code execution?
Cisco’s ruined Easter for netadmins by revealing three critical-rated flaws, with fixes landing today.
The company’s IOS and IOS XE software need patching against two bugs, CVE-2018-0151 and CVE-2018-171. CVE-2018-151 is a bounds-checking error in IOS/IOS XE’s quality-of-service subsystem, and can be attacked using malicious packets to UDP port 18999. A successful attack triggers a buffer overrun, either causing a denial-of-service (DoS) or remote code execution (RCE).
To read the entire article, please click here.
Source: http://www.theregister.co.uk/
