MyCERT Advisories


MyCERT Advisories, Alerts and Summaries for the year 2018

MA-697.032018: MyCERT Advisory – Cisco Releases Security Updates

Date first published: 30/3/2018


1.0 Introduction
Cisco has released updates to address vulnerabilities affecting multiple products.


2.0 Impact
A remote attacker could exploit some of these vulnerabilities to obtain sensitive information.


3.0 Affected Products
 Cisco IOS XE
 Cisco IOS
 Cisco IOS XR



4.0 Recommendations
Users and administrators are encouraged to review the below links for more information and do necessary updates:

 Cisco IOS XE Software Static Credential Vulnerability:

 Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability:

 Cisco IOS and IOS XE Software Quality of Service Remote Code Execution Vulnerability:

 Cisco IOS XE Software Web UI Remote Access Privilege Escalation Vulnerability cisco-sa-20180328-xepriv

 Cisco IOS XE Software Simple Network Management Protocol Double-Free Denial of Service Vulnerability:

 Cisco IOS Software Simple Network Management Protocol GET MIB Object ID Denial of Service Vulnerability

 Cisco IOS and IOS XE Software Smart Install Denial of Service Vulnerability

 Cisco IOS XE Software User EXEC Mode Root Shell Access Vulnerabilities

 Cisco IOS XE Software with Cisco Umbrella Integration Denial of Service Vulnerability

 Cisco IOS, IOS XE, and IOS XR Software Link Layer Discovery Protocol Buffer Overflow Vulnerabilities

 Cisco IOS XE Software for Cisco Catalyst Switches IPv4 Denial of Service Vulnerability

 Cisco IOS and IOS XE Software Internet Key Exchange Version 1 Denial of Service Vulnerability

 Cisco IOS and IOS XE Software Internet Key Exchange Memory Leak Vulnerability

 Cisco IOS XE Software Internet Group Management Protocol Memory Leak Vulnerability

 Cisco IOS XE Software Zone-Based Firewall IP Fragmentation Denial of Service Vulnerability

 Cisco IOS Software Integrated Services Module for VPN Denial of Service Vulnerability

 Cisco IOS and IOS XE Software DHCP Version 4 Relay Denial of Service Vulnerability

 Cisco IOS and IOS XE Software DHCP Version 4 Relay Reply Denial of Service Vulnerability

 Cisco IOS and IOS XE Software DHCP Version 4 Relay Heap Overflow Denial of Service Vulnerability

 Cisco IOS and IOS XE Software Bidirectional Forwarding Detection Denial of Service Vulnerability


MyCERT advises the users of this software to be updated with the latest security announcements by the vendor, apply necessary updates and follow best practice security policies.


For further enquiries, please contact MyCERT through the following channels:
Phone: 1-300-88-2999 (monitored during business hours)
Fax: +603 89453442 
Mobile: +60 19 2665850 (24x7 call incident reporting)
SMS: CYBER999 REPORT EMAIL COMPLAINT to 15888
Business Hours: Mon - Fri 09:00 AM - 18:00 PM MYT
Cyber999 Mobile Apps: IOS Users or Android Users


5.0 References