Cisco has patched more than 30 vulnerabilities in its IOS software, including a critical remote code execution flaw that exposes hundreds of thousands – possibly millions – of devices to remote attacks launched over the Internet.
A total of three vulnerabilities have been rated critical. One of them is CVE-2018-0171, an issue discovered by researchers at Embedi in the Smart Install feature in IOS and IOS XE software.
An unauthenticated attacker can send specially crafted Smart Install messages to an affected device on TCP port 4786 and cause it to enter a denial-of-service (DoS) condition or execute arbitrary code.