Cisco released 25 patches in its latest round of security advisories including four which were rated critical and nine which were rated high-security risks.
The critical vulnerabilities include a database unauthenticated access vulnerability and an unauthenticated access vulnerability affecting Cisco Policy Suite Policy Builder, a vulnerability in the Open Systems Gateway initiative (OSGi) interface, and a default password vulnerability.
The unauthenticated access vulnerability in the Policy Builder interface could allow an attacker to exploit this vulnerability by accessing the Policy Builder interface to make changes to existing repositories and create new repositories.
The defaults password vulnerability is in Cisco's Policy Suite Cluster Manager and is due to the presence of undocumented, static user credentials for the root account which could allow an attacker to use the account to log in to an affected system to log in to the affected system and execute arbitrary commands as the root user.
Researchers recommended users update their systems as soon as possible to prevent exploitation.