Cisco released its semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication on March 28, 2018. In direct response to customer feedback, Cisco releases bundles of Cisco IOS and IOS XE Software Security Advisories on the fourth Wednesday of the month in March and September of each calendar year.
The March 28, 2018, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication includes 20 Cisco Security Advisories that describe 22 vulnerabilities in Cisco IOS Software and Cisco IOS XE Software. One of the advisories describes a vulnerability that also exists in Cisco IOS XR Software. Cisco has released software updates that address these vulnerabilities.
Three of the vulnerabilities have a Security Impact Rating (SIR) of Critical. The remaining 19 vulnerabilities have a SIR of High. Successful exploitation of the vulnerabilities could allow an attacker to gain unauthorized access to an affected device, gain elevated privileges for an affected device, execute arbitrary code, or cause a denial of service (DoS) condition on an affected device.
Eleven of the vulnerabilities affect both Cisco IOS Software and Cisco IOS XE Software. One of the vulnerabilities affects Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software. Of the remaining vulnerabilities, two affect only Cisco IOS Software and eight affect only Cisco IOS XE Software. Cisco has confirmed that none of the vulnerabilities affect Cisco NX-OS Software.
To quickly determine if a specific Cisco IOS or IOS XE Software release is affected by one or more vulnerabilities, use the Cisco IOS Software Checker.