It’s already been a busy month of patching for Cisco Systems, and on Wednesday the networking giant rolled out nine more security updates addressing critical vulnerabilities across its core product lines.
Most notably, Cisco is warning of two security holes (one rated critical, the other high) found in its Cisco Cloud Services Platform 2100 (CCSP). One could allow an unauthenticated remote attacker to execute arbitrary code on a targeted system. The other is a command injection vulnerability found in the web-based GUI of the CCSP. This critical vulnerability could allow a remote attacker to gain root access privileges on CCSP’s underlying OS and execute arbitrary commands.
In both CCSP cases, Cisco has released software patches to fix the vulnerabilities.