Cisco announced 26 vulnerabilities this week, including two critical flaws affecting core equipment that could grant attackers an avenue into networks.
The privilege escalation vulnerability, CVE-2019-1625, is caused by insufficient authorisation enforcement and could allow an attacker to make configuration changes to the system as the root user.
The authentication bypass vulnerability, CVE-2019-1848, is caused by insufficient access restriction to ports necessary for system operation and could allow an attacker to reach internal services that are not hardened for external access.
Cisco also notified users of a remote command execution vulnerability in several of its routers that can allow a remote attacker to execute arbitrary code on an affected device.
This article was originally published on SC Media US.