Bug allows for a remote attacker to execute arbitrary code on industrial, enterprise tools. The vulnerability (CVE-2019-1861) is due to improper validation of files uploaded to the affected application. There are no workarounds for the bug and a software patch is required, Cisco said. On Monday, Cisco also released an update to a high-severity denial-of-service vulnerability (Cisco IOS XR Software) The bug was originally made public on May 15. On Wednesday it released patches for an additional seven medium-severities vulnerabilities.
Source: https://threatpost.com/cisco-high-severity-bugs/145446/