Cisco released its semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication on September 25, 2019. In direct response to customer feedback, Cisco releases bundles of Cisco IOS and IOS XE Software Security Advisories on the fourth Wednesday of the month in March and September of each calendar year.
The September 25, 2019, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication includes 12 Cisco Security Advisories that describe 13 vulnerabilities in Cisco IOS Software and Cisco IOS XE Software. Cisco has released software updates that address these vulnerabilities.
All vulnerabilities have a Security Impact Rating (SIR) of High. Successful exploitation of the vulnerabilities could allow an attacker to gain unauthorized access to, conduct a command injection attack on, or cause a denial of service (DoS) condition on an affected device.
Two of the vulnerabilities affect both Cisco IOS Software and Cisco IOS XE Software. Two of the vulnerabilities affect Cisco IOS Software and eight of the vulnerabilities affect Cisco IOS XE Software. One of the vulnerabilities affects the Cisco IOx application environment. Cisco has confirmed that none of the vulnerabilities affect Cisco IOS XR Software or Cisco NX-OS Software.
To quickly determine if a specific Cisco IOS or IOS XE Software release is affected by one or more vulnerabilities, use the Cisco IOS Software Checker.
The following table identifies Cisco Security content that is associated with this bundled publication: