Rewterz

Rewterz Threat Advisory – Cisco IOS XE Software Privilege Escalation Vulnerabilities

September 25, 2020
Rewterz

Rewterz Threat Alert – Emotet – IoCs

September 28, 2020

Rewterz Threat Advisory – CVE-2020-3426 – Cisco IOS Software for Cisco Industrial Routers information disclosure

Severity

High

Analysis Summary

Cisco IOS Software for Cisco Industrial Routers could allow a remote attacker to obtain sensitive information, caused by a lack of input and validation checking mechanisms for virtual-LPWA (VLPWA) protocol modem messages. By sending a specially crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service.

Impact

  • Information disclosure
  • Denial of service

Affected Vendors

Cisco

Remediation

Refer to vendor advisory for the list of affected products and respective patches.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-lpwa-access-cXsD7PRA

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.