Threat Post -
Unauthenticated cyberattackers can also wreak havoc on networking device configurations.
Cisco is warning three critical security vulnerabilities affect its flagship IOS XE software, the operating system for most of its enterprise networking portfolio. The flaws impact Cisco’s wireless controllers, SD-WAN offering and configuration mechanisms in use for scads of products.
The networking giant has released patches for all of them, as part of a comprehensive 32-bug update released this week.
CVE-2021-34770: RCE and DoS for Wireless Controllers
Boasting a rare 10 out of 10 CVSS vulnerability-severity rating, the issue (CVE-2021-34770) specifically exists in the control and provisioning of wireless access points (CAPWAP) protocol processing used by the Cisco IOS XE software that powers the devices.
“The vulnerability is due to a logic error that occurs during the validation of CAPWAP packets,” Cisco explained in its advisory this week. “An attacker could exploit this vulnerability by sending a crafted CAPWAP packet to an affected device. A successful exploit could allow the attacker to execute arbitrary code with administrative privileges or cause the