Cisco, a company dedicated to manufacturing telecommunications devices, launched patches for 34 failures in its software, including solutions for five critical vulnerabilities of arbitrary code execution in its operating system.
Reports from information security specialists argue that critical flaws were rated with 9.8 out of 10 on the CVSS scale.
Four of these vulnerabilities affect Cisco’s different services because “the header values in Cisco Fabric Services packages are insufficiently validated,” according to the security alert.
The NX-API vulnerability is caused by incorrect input validation in the NX-API Subsystem authentication module, which can be exploited if an attacker skilled enough in information security training sends an HTTP or HTTPS crafted package to the management interface of a system affected by this vulnerability.
One of the arbitrary code execution vulnerabilities that affect Cisco software was the result that the affected software did not sufficiently validated the header values in Cisco Fabric Services packages. As a result of the error, a malicious agent could cause a buffer overflow that would allow attackers to execute arbitrary code or cause a DoS failure.
Nineteen of the vulnerabilities were rated high, while the rest were rated median. Experts in information security training recommend keeping eyes open for the updates that the company releases.