Cisco Event Response Page
Cisco Event Response: September 2017 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication
-
Cisco released its semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication on September 27, 2017. In direct response to customer feedback, Cisco releases bundles of Cisco IOS and IOS XE Software Security Advisories on the fourth Wednesday of the month in March and September of each calendar year.
The September 27, 2017, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication includes 12 Cisco Security Advisories that describe 13 vulnerabilities in Cisco IOS Software and Cisco IOS XE Software. Cisco has released software updates that address these vulnerabilities.
Three of the vulnerabilities affect both Cisco IOS Software and Cisco IOS XE Software. Six of the vulnerabilities affect only Cisco IOS Software. Four of the vulnerabilities affect only Cisco IOS XE Software. Cisco has confirmed that none of the vulnerabilities affect Cisco IOS XR Software or Cisco NX-OS Software.
Of the vulnerabilities, three have a Security Impact Rating (SIR) of Critical. Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, gain elevated privileges, bypass authentication, or cause a denial of service (DoS) condition on an affected system.
The remaining 10 vulnerabilities have a SIR of High. Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access, bypass authentication, or cause a DoS condition on an affected system.
To quickly determine if a specific Cisco IOS or IOS XE Software release is affected by Cisco product vulnerabilities, use the Cisco IOS Software Checker.
-
The following table identifies Cisco Security content that is associated with this Cisco IOS and IOS XE Software Security Advisory Bundled Publication:
Related Resources
Cisco Security Vulnerability Policy
MITRE Common Vulnerabilities and Exposures
Common Vulnerability Scoring System and the Security Impact Rating
Common Vulnerability Scoring System Q & A
Cisco IPS Signature Downloads
Cisco IOS OVAL Content: Frequently Asked Questions