Cisco wydało półroczną publikację dotyczącą oprogramowania Cisco IOS i IOS XE w pakiecie z poradami dotyczącymi bezpieczeństwa oprogramowania 24 września 2020 r
Wydanie z 24 września 2020 r. Pakietu Cisco IOS i IOS XE Software Advisory Advisory zawiera 25 porada , które opisują 34 luki w zabezpieczeniach w oprogramowaniu Cisco IOS i oprogramowaniu Cisco IOS XE. Firma Cisco wydała aktualizacje oprogramowania, które usuwają te luki.
Spośród wszystkich 25 ma wysoki wskaźnik krytyczności
Aby szybko ustalić, czy dana wersja oprogramowania Cisco IOS lub IOS XE jest zagrożona przez co najmniej jedną lukę, klienci mogą skorzystać z narzędzia Cisco Software Checker.

Lista podatności i odnośniki do szczegółowych informacji na temat podatności i produktów które one dotyczą.

Cisco Security Advisory       CVE ID       SIRCVSS
Cisco IOS and IOS XE Software ISDN Q.931 Denial of Service VulnerabilityCVE-2020-3511High7.4
Cisco IOS and IOS XE Software PROFINET Denial of Service VulnerabilityCVE-2020-3409High7.4
Cisco IOS and IOS XE Software PROFINET Link Layer Discovery Protocol Denial of Service VulnerabilityCVE-2020-3512High7.4
Cisco IOS and IOS XE Software Split DNS Denial of Service VulnerabilityCVE-2020-3408High8.6
Cisco IOS Software for Cisco Industrial Routers Virtual-LPWA Unauthorized Access VulnerabilityCVE-2020-3426High7.5
Cisco IOS XE Software Arbitrary Code Execution VulnerabilityCVE-2020-3417High6.8
Cisco IOS XE Software Common Open Policy Service Engine Denial of Service VulnerabilityCVE-2020-3526High8.6

Cisco IOS XE Software Ethernet Frame Denial of Service Vulnerability
CVE-2020-3465High7.4

Cisco IOS XE Software for Catalyst 9200 Series Switches Umbrella Connector Denial of Service Vulnerability
CVE-2020-3510High8.6

Cisco IOS XE Software for Catalyst 9800 Series and Cisco AireOS Software for Cisco WLC Flexible NetFlow Version 9 Denial of Service Vulnerability
CVE-2020-3492High8.6

Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers Multicast DNS Denial of Service Vulnerability
CVE-2020-3359High8.6

Cisco IOS XE Software for Cisco 4461 Integrated Services Routers Denial of Service Vulnerability
CVE-2020-3414High8.6

Cisco IOS XE Software for Cisco ASR 1000 Series 20-Gbps Embedded Services Processor IP ARP Denial of Service Vulnerability
CVE-2020-3508High7.4

Cisco IOS XE Software for Cisco ASR 900 Series Route Switch Processor 3 Arbitrary Code Execution Vulnerabilities
CVE-2020-3416 CVE-2020-3513High6.7

Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers DHCP Denial of Service Vulnerability
CVE-2020-3509High8.6

Cisco IOS XE Software IP Service Level Agreements Denial of Service Vulnerability
CVE-2020-3422High8.6
Cisco IOS XE Software Privilege Escalation VulnerabilitiesCVE-2020-3141 CVE-2020-3425High8.8

Cisco IOS XE Software RESTCONF and NETCONF-YANG Access Control List Denial of Service Vulnerability
CVE-2020-3407High8.6

Cisco IOS XE Software Web UI Authorization Bypass Vulnerability
CVE-2020-3400High8.8
Cisco IOS XE Software Zone-Based Firewall Denial of Service VulnerabilitiesCVE-2020-3421 CVE-2020-3480High8.6
Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service VulnerabilitiesCVE-2020-3486 CVE-2020-3487 CVE-2020-3488 CVE-2020-3489 CVE-2020-3493 CVE-2020-3494 CVE-2020-3497High7.4
Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service VulnerabilityCVE-2020-3399High8.6
Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family SNMP Trap Denial of Service VulnerabilityCVE-2020-3390High7.4
Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family WLAN Local Profiling Denial of Service VulnerabilityCVE-2020-3428High7.4
Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family WPA Denial of Service VulnerabilityCVE-2020-3429High7.4
Cisco IOS XR Software DVMRP Memory Exhaustion VulnerabilitiesCVE-2020-3566
CVE-2020-3569
High8.6