Cisco has distributed a string of patches for 16 security faults that include a fix for a likely remote code completion in its IOS XE routing software. The patches address a mass of security conditions that are caused by faulty queued packets.
One flaw allows attackers to gain remote code completion in IOS XE by sending a crafted packet that allows code to run on affected boxes. Attackers are also able to send crafted packets to cause denial of service (DoS).
Another fix addresses flaws that admit attackers to spoof Autonomic Networking Registration Authority response thanks to lax message validation.
Further vulnerabilities connected in that advisory lead to denial of service conditions.