A critical remote code execution flaw impacting various Cisco switches has been discovered and fixed. The zero-day found resides in the Cisco IOS embedded packet manager daemon, which provides support for features such as quality of service, access control lists, and routing protocols. According to researchers, the flaw allows an attacker to execute code on the affected device or cause it to reload, thereby disrupting its functionality.
The vulnerability affected several Cisco switches, including those belonging to the Cisco Catalyst, Embedded Services, MDS Multilayer Director, Nexus, Service Provider, and UCS lines. The flaw impacts Cisco IOS and Cisco IOS XE software and can be exploited by sending malicious IPC packets to an affected device. Cisco has released software updates to patch the vulnerability and urged customers to update to the latest software releases as soon as possible. Because the exploit requires valid credentials or social engineering, the risk of this vulnerability is reduced for most Cisco customers. However, it is still advisable to apply the patches as soon as possible to avoid any potential threats.
