Cisco has dropped 17 Security advisories describing 19 vulnerabilities in the software that runs most of its routers and switches, IOS and IOS\/XE.\nThe company also announced that two previously issued patches for its RV320 and RV325 Dual Gigabit WAN VPN Routers were \u201cincomplete\u201d and would need to be redone and reissued.\n\nCisco rates both those router vulnerabilities as \u201cHigh\u201d and describes the problems like this: \u00a0\u00a0\n\nOne vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious HTTP POST requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux shell as root.\nThe second exposure is due to improper access controls for URLs. An attacker could exploit this vulnerability by connecting to an affected device via HTTP or HTTPS and requesting specific URLs. A successful exploit could allow the attacker to download the router configuration or detailed diagnostic information.\n\nCisco said firmware updates that address these vulnerabilities are not available and no workarounds exist, but is working on a complete fix for both.\nOn the IOS front, the company said six of the vulnerabilities affect both Cisco IOS Software and Cisco IOS XE Software, one of the vulnerabilities affects just Cisco IOS software and ten of the vulnerabilities affect just Cisco IOS XE software.\u00a0 Some of the security bugs, which are all rated as \u201cHigh\u201d, include:\n\nA vulnerability in the web UI of Cisco\u00a0IOS XE Software could let an unauthenticated, remote attacker access sensitive configuration information.\nA vulnerability in Cisco\u00a0IOS XE Software could let an authenticated, local attacker inject arbitrary commands that are executed with elevated privileges. The vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected commands.\nA weakness in the ingress traffic validation of Cisco\u00a0IOS XE Software for Cisco\u00a0Aggregation Services Router (ASR) 900 Route Switch Processor 3 could let an unauthenticated, adjacent attacker trigger a reload of an affected device, resulting in a denial of service (DoS) condition, Cisco said. The vulnerability exists because the software insufficiently validates ingress traffic on the ASIC used on the RSP3 platform. An attacker could exploit this vulnerability by sending a malformed OSPF version 2 message to an affected device.\nA problem in the authorization subsystem of Cisco\u00a0IOS XE Software could allow an authenticated but unprivileged (level 1), remote attacker to run privileged Cisco\u00a0IOS commands by using the web UI. The vulnerability is due to improper validation of user privileges of web UI users. An attacker could exploit this vulnerability by submitting a malicious payload to a specific endpoint in the web UI, Cisco said.\nA vulnerability in the Cluster Management Protocol (CMP) processing code in Cisco\u00a0IOS Software and Cisco\u00a0IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a DoS condition on an affected device. The vulnerability is due to insufficient input validation when processing CMP management packets, Cisco said.\n\nCisco has released free software updates that address the vulnerabilities described in these advisories and directs users to their software agreements to find out how they can download the fixes.