Cisco Releases Semi-annual Bundled Security Advisory for IOS and IOS XE Software
Twelve vulnerabilities are included in the September 2022 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication
Threat details
Introduction
Cisco has released 12 security advisories in the September 2022 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication. The 10 vulnerabilities rated High concern denial-of-service (DoS), privilege escalation, and arbitrary code execution. The 2 vulnerabilities rated Medium concern information disclosure and command injection. An unauthenticated remote attacker could exploit some of these vulnerabilities to take control of an affected system.
Remediation advice
Affected organisations are encouraged to review the September 2022 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication and the following Cisco Security Advisories, and to apply the necessary updates or workarounds.
Remediation steps
| Type | Step |
|---|---|
| Patch | Cisco IOS and IOS XE Software Common Industrial Protocol Request Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-cip-dos-9rTbKLt9 |
| Patch | Cisco IOS XE Software DNS NAT Protocol Application Layer Gateway Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-alg-dos-KU9Z8kFX |
| Patch | Cisco IOS XE Software for Catalyst Switches MPLS Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-mpls-dos-Ab4OUL3 |
| Patch | Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst 9100 Series Access Points UDP Processing Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-udp-dos-XDyEwhNz |
| Patch | Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Mobility Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-c9800-mob-dos-342YAc6J |
| Patch | Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family DHCP Processing Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-dhcp-dos-76pCjPxK |
| Patch | Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Access Points Privilege Escalation Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewc-priv-esc-nderYLtK |
| Patch | Cisco IOS and IOS XE Software SSH Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssh-excpt-dos-FzOBQTnk |
| Patch | Cisco IOS XE Software IPv6 VPN over MPLS Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-6vpe-dos-tJBtf5Zv |
| Patch | Cisco IOS XE Software for Catalyst 9200 Series Switches Arbitrary Code Execution Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-cat-verify-D4NEQA6q |
| Patch | Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family SNMP Information Disclosure Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cwlc-snmpidv-rnyyQzUZ |
| Patch | Cisco IOS XE Software Web UI Command Injection Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-cmdinj-Gje47EMn |
Definitive source of threat updates
CVE Vulnerabilities
Last edited: 29 September 2022 2:25 pm