Old vulnerabilities in Cisco products actively exploited in the wild

Pierluigi Paganini December 19, 2022

IT giant Cisco is warning of threat actors exploiting many old vulnerabilities in attacks in the wild.

Cisco has updated multiple security advisories to warn of the active exploitation of several old vulnerabilities impacting its products.

The bugs, some of which are rated as ‘critical’ severity, impact Cisco IOS, NX-OS, and HyperFlex software.

Below are the critical vulnerabilities being exploited in attacks in the wild:

  • CVE-2017-12240 (CVSS score of 9.8) – The vulnerability affects the DHCP relay subsystem in IOS and IOS XE software. The vulnerability could be exploited by a remote and unauthenticated attacker that can execute arbitrary code and gain full control of the targeted system. The flaw could be also exploited to cause a denial-of-service (DoS) condition by triggering a buffer overflow via specially crafted DHCPv4 packets.
  • CVE-2018-0125 (CVSS score of 9.8) – A vulnerability in the web interface of the Cisco RV132W ADSL2+ Wireless-N VPN and RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. 
  • CVE-2018-0147 (CVSS score of 9.8) – The vulnerability is a Java deserialization issue that affects Cisco Access Control System (ACS) that can be exploited by an unauthenticated, remote attacker to execute arbitrary commands with root privileges on an affected device.
  • CVE-2018-0171 (CVSS score of 9.8) – The vulnerability affects the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software, it could be exploited by an unauthenticated, remote attacker to cause a reload of a vulnerable device or to execute arbitrary code on an affected device.
  • CVE-2021-1497 (CVSS score of 9.8) –  The vulnerability is a Command Injection issue that resides in the web-based management interface of Cisco HyperFlex HX.

Organizations are recommended to review the Cisco’s advisories and apply security patches released by the company.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Moshen Dragon)

[adrotate banner=”5″]

[adrotate banner=”13″]



you might also like

leave a comment