Cisco issues updates to address critical remote code execution, authentication bypass, and static default credential vulnerabilities affecting multiple router and firewall devices. The company also issued a security update to patch a privilege escalation vulnerability in the Cisco Prime License Manager software. The flaws received 9.8 CVSS base score qualitative severity ratings from Cisco which makes them all critical vulnerabilities. They can also be remotely exploited by unauthenticated attackers as part of low complexity attacks that don’t require user interaction. There are no workarounds that could be applied to address these vulnerabilities.
Source: https://www.bleepingcomputer.com/news/security/cisco-fixes-critical-pre-auth-flaws-allowing-router-takeover/