Cisco Discloses Critical Security Alerts for OS, Routers

Cisco issued 31 security advisories and alerts over the past few days affecting, among other products, routers, operating systems, and LAN software. The vendor classified two as critical-impact vulnerabilities, six as high-impact, and 22 as medium. These new security alerts come about a month after Cisco issued patches for dozens of other software bugs. One of the critical flaws has been exploited in the wild. It’s part of a domain name system (DNS) hijacking campaign dubbed “Sea Turtle” that Cisco Talos researchers disclosed earlier this week. It affects the Cisco Cluster Management Protocol processing code in Cisco IOS and Cisco IOS XE software and could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges. The threat researchers say a nation state is behind this cyber campaign, and the attackers exploited this vulnerability to attack public and private organizations in the Middle East and North Africa. Cisco released a patch for this flaw and said there are no workarounds.