CVE number – CVE-2019-1862
Two bugs affecting networks have been disclosed by Cisco this week.
The first vulnerability is in the logic that handles access controls to one of the hardware components in Cisco’s proprietary Secure Boot implementation. The vulnerability could allow an authenticated local attacker to “write a modified firmware image to the component”. Cisco have confirmed that software updates will be released to address the vulnerability.
The detail of how the vulnerability came to be and future updates can be found on the relevant Cisco advisory.
The second vulnerability sits in the Cisco IOS XE operating system which is used to power enterprise wired and wireless access, aggregation, core and WAN products. Cisco explained that it occurs when “the affected software improperly sanitizes user-supplied input.” Unlike the first vulnerability, there is already a software update that will address this vulnerability and those affected should ensure this update is applied.
Further information and updates on this vulnerability can be found on Cisco’s advisory.