Cisco releases update for its IOS XE operating system to fix a critical security flaw. The flaw resides in the REST API virtual service container for Cisco’s OS. The vulnerability could allow a remote attacker to bypass authentication on devices running an outdated version of virtual service containers. There are no workarounds available, the company says in the security advisory for the flaw. Cisco also published security announcements for nine other issues of high and medium severity affecting Cisco’s NX-OS, FXOS, NX- OS, and Nexus 9000 Series Fabric Switches.
Source: https://www.bleepingcomputer.com/news/security/cisco-fixes-critical-bug-in-virtual-service-container-for-ios-xe/