Cisco IOS/XE Vulnerabilities - Remote Attack Possible
Summary
CERT-Bund has issued a security advisory regarding multiple vulnerabilities in Cisco IOS and IOS XE software, with a CVSS base score of 8.6. These vulnerabilities allow for remote attacks, potentially leading to extended privileges, code execution, and denial-of-service conditions. Mitigation measures are available.
What changed
This advisory from CERT-Bund details critical vulnerabilities affecting Cisco IOS and IOS XE software, including Cisco Catalyst switches and wireless controllers. The vulnerabilities, rated with a CVSS base score of 8.6, permit remote attackers to gain elevated privileges, execute arbitrary code, bypass security controls, conduct cross-site scripting attacks, manipulate data, disclose confidential information, and cause denial-of-service conditions.
Organizations utilizing affected Cisco devices should immediately review the advisory for specific product versions and CVE identifiers. Implementing available mitigation measures is crucial to prevent exploitation. While no specific compliance deadline is provided, prompt patching or applying workarounds is essential to maintain network security and prevent potential disruptions or data breaches.
What to do next
- Review affected Cisco IOS/XE product versions and CVEs.
- Implement available mitigation measures and patches.
- Assess potential impact of vulnerabilities on network security.
Source document (simplified)
[WID-SEC-2026-0874] Cisco IOS and IOS XE Software: Multiple Vulnerabilities
- CVSS Base Score: 8.6 (high)
- CVSS Temporal Score: 7.5 (high)
- Remote attack: yes
- Date: 25.03.2026
- Last updated: 26.03.2026
- Mitigation: yes
Affected systems
Operating system
- CISCO Appliance
Product description
Cisco Internetwork Operating System (IOS) is an operating system used on Cisco devices such as routers and switches.
Catalyst is the brand name for a range of network switches sold by Cisco Systems.
Products
25.03.2026
- Cisco IOS XE
- Cisco IOS XE Lobby Ambassador
- Cisco IOS XE Catalyst 9000 Switches
- Cisco IOS XE Wireless Controller Catalyst CW9800
- Cisco IOS XE Catalyst
- Cisco IOS XE Rugged Series Switch
- Cisco IOS XE IOx Application
- Cisco IOS XE Secure Channel for Meraki
- Cisco Catalyst
- Cisco IOS Software Release 3E
- Cisco IOS XE Software Release 3E
Attack
An attacker can exploit multiple vulnerabilities in Cisco IOS XE, Cisco IOS and Cisco Catalyst to gain elevated privileges, execute arbitrary code, bypass security measures, conduct cross-site scripting attacks, manipulate data, disclose confidential information and cause a denial-of-service condition.