Cisco Releases Security Advisories for Multiple Products

Summary:

On [Date], Cisco released security advisories for multiple vulnerabilities affecting various Cisco products. The vulnerabilities, if exploited, could allow a remote threat actor to take control of an affected system.

The advisories address six critical vulnerabilities across different Cisco products, including:

1. Cisco Catalyst SD-WAN Manager Vulnerabilities (cisco-sa-sdwan-vman-sc-LRLfu2z): A remote cyber threat actor could exploit these vulnerabilities to take control of an affected system, potentially allowing unauthorized access, data theft, or system compromise.
2. Cisco IOS XE Software Web UI Command Injection Vulnerability (cisco-sa-webui-cmdij-FzZAeXAy): An attacker could inject commands into the Cisco IOS XE Software Web UI, potentially leading to system compromise or unauthorized access.
3. Cisco IOS XE Software for ASR 1000 Series Aggregation Services Routers IPv6 Multicast Denial of Service Vulnerability (cisco-sa-mlre-H93FswRz): A remote threat actor could exploit this vulnerability to cause a denial-of-service (DoS) condition, potentially leading to network disruptions or system crashes.
4. Cisco IOS XE Software Layer 2 Tunneling Protocol Denial of Service Vulnerability (cisco-sa-ios-xe-l2tp-dos-eB5tuFmV): An attacker could exploit this vulnerability to cause a denial-of-service (DoS) condition, potentially leading to network disruptions or system crashes.
5. Cisco DNA Center API Insufficient Access Control Vulnerability (cisco-sa-dnac-ins-acc-con-nHAVDRBZ): An attacker could exploit this vulnerability to gain unauthorized access to the Cisco DNA Center API, potentially allowing data theft or system compromise.
6. Cisco IOS XE Software for Catalyst 3650 and Catalyst 3850 Series Switches Denial of Service Vulnerability (cisco-sa-cat3k-dos-ZZA4Gb3r): A remote threat actor could exploit this vulnerability to cause a denial-of-service (DoS) condition, potentially leading to network disruptions or system crashes.
7. Cisco IOS XE Software Application Quality of Experience and Unified Threat Defense Denial of Service Vulnerability (cisco-sa-appqoe-utd-dos-p8O57p5y): An attacker could exploit this vulnerability to cause a denial-of-service (DoS) condition, potentially leading to system crashes or network disruptions.
8. Cisco IOS and IOS XE Software Command Authorization Bypass Vulnerability (cisco-sa-aaascp-Tyj4fEJm): An attacker could exploit this vulnerability to bypass command authorization checks, potentially allowing unauthorized access or system compromise.

The United States Cybersecurity and Infrastructure Security Agency (CISA) strongly encourages users and administrators to review the advisories and apply necessary updates to mitigate these vulnerabilities.

It is also recommended to visit the Cisco Security Advisories page for updates addressing lower severity vulnerabilities.