Cisco has disclosed an unpatched, high-severity vulnerability that impacts millions of devices. The vulnerability is in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot implementation. A successful exploit could allow the attacker to run arbitrary commands on the device with root privileges. Cisco also disclosed a second bug with similarly wide impact, in the web-based user interface (Web UI) of the Cisco IOS XE Software. The flaw exists because the affected software improperly sanitizes user-supplied input, Cisco said.
Source: https://threatpost.com/cisco-bugs-unpatched-millions-devices/144692/

