Cisco has patched three critical vulnerabilities affecting components of its IOS XE internetworking operating system, which powers routers and wireless controllers, or products running with a specific configuration.
The worst of the flaws received the highest severity rating, 10 out of 10; it affects the Cisco Catalyst 9000 Family Wireless Controllers, which include the enterprise-class Catalyst 9800-CL Wireless Controllers for Cloud.
The security issues are part of Cisco’s updates for September 2021. The full list of fixes covers 31 bugs, more than a dozen of them rated high severity or worse.
At the top of the list in terms of severity is CVE-2021-34770, a vulnerability that an unauthenticated attacker could exploit remotely to run arbitrary code with root privileges, according to a Cisco advisory.
Caused by insufficient bounds checking, it is in the vDaemon process in Cisco IOS XE SD-WAN Software, Cisco notes.
Last on the list of critical bugs that Cisco patched this month is CVE-2021-1619, a security issue in the authentication, authorization, and accounting function of Cisco IOS XE software.