Cisco Event Response Page

Cisco Event Response: March 2021 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication

Doc ID:

ERP-74408

First Published:

2021 March 24 16:00 GMT

Version:

1.0

Summary

Cisco released its semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication on March 24, 2021. In direct response to customer feedback, Cisco releases bundles of Cisco IOS and IOS XE Software Security Advisories on the fourth Wednesday of the month in March and September of each calendar year.

The March 24, 2021, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication includes 14 Cisco Security Advisories that describe 15 vulnerabilities in Cisco IOS Software and Cisco IOS XE Software. Cisco has released software updates that address these vulnerabilities.

All 14 advisories have a Security Impact Rating (SIR) of High.

To quickly determine whether a specific Cisco IOS or IOS XE Software release is affected by one or more vulnerabilities, customers can use the Cisco Software Checker.

Details

The following table identifies Cisco Security content that is associated with this bundled publication:

Cisco Security Advisory	CVE ID	Security Impact Rating	CVSS Base Score
cisco-sa-XE-SAP-OPLbze68 Cisco IOS and IOS XE Software Common Industrial Protocol Privilege Escalation Vulnerability	CVE-2021-1392	High	7.8
cisco-sa-iosxe-sdwarbcmdexec-sspOMUr3 Cisco IOS XE SD-WAN Software Arbitrary Command Execution Vulnerability	CVE-2021-1432	High	7.3
cisco-sa-iosxe-buffover-CqdRWLc Cisco IOS XE SD-WAN Software vDaemon Buffer Overflow Vulnerability	CVE-2021-1433	High	8.1
cisco-sa-iosxe-sdwdos-4zeEeC9w Cisco IOS XE SD-WAN Software vDaemon Denial of Service Vulnerability	CVE-2021-1431	High	7.5
cisco-sa-XE-ACE-75K3bRWe Cisco IOS XE Software Arbitrary Code Execution Vulnerability	CVE-2021-1398	High	6.8
cisco-sa-iosxe-decnet-dos-cuPWDkyL Cisco IOS XE Software DECnet Phase IV/OSI Denial of Service Vulnerability	CVE-2021-1352	High	7.4
cisco-sa-alg-dos-hbBS7SZE Cisco IOS XE Software DNS NAT Protocol Application Layer Gateway Denial of Service Vulnerability	CVE-2021-1446	High	8.6
cisco-sa-ios-xe-evss-code-exe-8cw5VSvw Cisco IOS XE Software Easy Virtual Switching System Arbitrary Code Execution Vulnerability	CVE-2021-1451	High	8.1
cisco-sa-fast-Zqr6DD5 Cisco IOS XE Software Fast Reload Vulnerabilities	CVE-2021-1375 CVE-2021-1376	High	6.7
cisco-sa-ios-xe-cat-verify-BQ5hrXgH Cisco IOS XE Software for the Catalyst 9000 Family Arbitrary Code Execution Vulnerability	CVE-2021-1453	High	6.8
cisco-sa-ios-xe-iot-codexec-k46EFF6q Cisco IOS XE Software Hardware Initialization Routines Arbitrary Code Execution Vulnerability	CVE-2021-1441	High	6.7
cisco-sa-ios-xe-pnp-priv-esc-AmG3kuVL Cisco IOS XE Software Plug-and-Play Privilege Escalation Vulnerability	CVE-2021-1442	High	7
cisco-sa-iosxe-cswsh-FKk9AzT5 Cisco IOS XE Software Web UI Cross-Site WebSocket Hijacking Vulnerability	CVE-2021-1403	High	7.4
cisco-sa-ewlc-capwap-dos-2OA3JgKS Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service Vulnerability	CVE-2021-1373	High	8.6

Related Resources

Cisco Security Vulnerability Policy
MITRE Common Vulnerabilities and Exposures
Common Vulnerability Scoring System and the Security Impact Rating
Common Vulnerability Scoring System Q & A