Cisco has released updates for its IOS software to address more than a dozen critical and high severity vulnerabilities that expose the company’s switches and routers to remote attacks.
One of the critical flaws is CVE-2017-12229, a REST API issue that allows a remote attacker to bypass authentication and gain access to the web-based user interface of devices running vulnerable versions of the IOS software.
Another critical vulnerability related to the web-based user interface is CVE-2017-12230, which allows an authenticated attacker to escalate privileges. The problem is caused by the fact that new users created via the web interface are given elevated privileges by default. An attacker can create a new account and use it to gain access to the device with high privileges.
