Multiple Cisco Products

Cisco released updates to address vulnerabilities in several products. Successful exploitation of the most severe vulnerabilities could allow a remote, unauthenticated threat actor to obtain control of the affected system. The NJCCIC recommends all users and administrators review the Cisco Security Advisories below and apply the necessary updates as soon as possible; there are no available workarounds to address any of these vulnerabilities.


Cisco IOS and IOS XE

Cisco released a security advisory addressing several high severity vulnerabilities in Simple Network Management Protocol (SNMP) for its IOS and IOS XE software. These vulnerabilities affect all releases of IOS and IOS XE and all versions of SNMP – 1, 2c, and 3. Successful exploitation could allow a threat actor to execute arbitrary code, cause the system to reload, and take full control of the system. The NJCCIC recommends all users and administrators review the Cisco Security Advisory and apply the provided workarounds until a patch becomes available.