Cisco released its semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication on September 26, 2018. In direct response to customer feedback, Cisco releases bundles of Cisco IOS and IOS XE Software Security Advisories on the fourth Wednesday of the month in March and September of each calendar year.
The September 26, 2018, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication includes 12 Cisco Security Advisories that describe 13 vulnerabilities in Cisco IOS Software and Cisco IOS XE Software. One of the advisories describes a vulnerability that also exists in Cisco ASA Software. Cisco has released software updates that address these vulnerabilities.
All 13 of the vulnerabilities have a Security Impact Rating (SIR) of High. Successful exploitation of the vulnerabilities could allow an attacker to gain elevated privileges for an affected device or cause a denial of service (DoS) condition on an affected device.
Four of the vulnerabilities affect both Cisco IOS Software and Cisco IOS XE Software. One of the vulnerabilities affects Cisco IOS Software and seven of the vulnerabilities affect Cisco IOS XE Software. One of the vulnerabilities affects Cisco IOS XE Software and Cisco ASA Software. Cisco has confirmed that none of the vulnerabilities affect Cisco NX-OS Software.
To quickly determine if a specific Cisco IOS or IOS XE Software release is affected by one or more vulnerabilities, use the Cisco IOS Software Checker.