Cisco released its semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication on September 28, 2016. In direct response to customer feedback, Cisco releases bundles of Cisco IOS Software Security Advisories on the fourth Wednesday of the month in March and September of each calendar year.
The September 28, 2016, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication includes 10 Cisco Security Advisories that describe 11 vulnerabilities in Cisco IOS and IOS XE Software. Cisco has confirmed that none of the vulnerabilities exist in Cisco IOS XR Software or Cisco NX-OS Software.
Seven of the advisories describe vulnerabilities that are common to both Cisco IOS and IOS XE Software. One advisory describes a vulnerability that exists only in Cisco IOS Software. Two other advisories describe vulnerabilities that exist only in Cisco IOS XE Software. All the vulnerabilities have a Security Impact Rating of “High.” Exploits of the individual vulnerabilities could result in a denial of service (DoS) condition or a memory leak.
To quickly determine if a specific Cisco IOS or IOS XE Software release is exposed to Cisco product vulnerabilities, use the Cisco IOS Software Checker.