Gladiator Research and Security

GSA Reference Number: AD090925-01

Simply Put: Cisco has announced eleven new vulnerabilities in multiple Cisco products.  Nine of the vulnerabilities affect Cisco’s IOS – the operating system for many Cisco devices.  Cisco IOS is present on Cisco routers and switches.  Two more vulnerabilities affect Unified Communications Manager.  The vulnerabilities cover denial of service and authentication bypass on IOS, as well as denial of service and remote code execution on Unified Communications Manager.   Many of these vulnerabilities are considered Critical by Gladiator, since a denial of service on a router would result in loss of Internet access.  Note: Cisco Firewalls do not run Cisco IOS and are not vulnerable to these issues.

GSA Reference Number: AD080327-01

Simply Put: Cisco has announced five vulnerabilities in their Cisco IOS (Cisco IOS is the operating system that most Cisco devices run, including all routers and switches). Gladiator is recommending customers upgrade their Cisco routers and switches to the latest IOS version. The first four vulnerabilities deal with issues that can lead to loss of service. The final vulnerability deals with possible data leakage. For a comprehensive list of affected IOS versions and recommended patched IOS versions refer to the Cisco article linked below in the Software Versions and Fixes section. To determine the version your Cisco switch or router is running, log in to a terminal session and run “show version” without the quotes. Then refer to the advisory in the reference link section to apply the correct IOS version.