There's a slightly more serious flaw in the IPv6 implementation of Cisco StarOS. It's being tracked as CVE-2020-3324 and could allow a remote attacker without credentials to cause a denial of service on affected routers. It has a severity rating of 8.6.
Affected devices include Cisco's ASR 5000 Series Aggregation Services Routers and its Virtualized Packet Core-Single Instance (VPC-SI).
The routers could be attacked if they are running a vulnerable release of Cisco StarOS and have the Vector Packet Processing (VPP) feature enabled. However, VPP is disabled by default. Cisco has details about which releases of StarOS have been fixed in the advisory.
Finally, AnyConnect how much do computer engineers make mobility client for Windows has a flaw that can let an authenticated, local attacker perform a dynamic link library (DLL) hijacking attack. If attackers gained valid credentials on the Windows system, they could run malicious code with system-level privileges.
No comments:
Post a Comment