Cisco has released updates fixing multiple critical vulnerabilities in Cisco Policy Suite and Cisco Catalyst PON Series Switches Optical Network Terminal.
Successful exploitation of the vulnerabilities may lead to Remote Code Execution and Full System Compromise.
- CVE-2021-40119 (CVSS 3.1: 9.8, Critical)
A vulnerability in the key-based SSH authentication mechanism of Cisco Policy Suite could allow an unauthenticated, remote attacker to log in to an affected system as the root user.
- CVE-2021-34795, CVE-2021-40112, CVE-2021-40113 (CVSS 3.1: 10.0, Critical)
Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform command injections, modify the configuration and log in with a default credential if the Telnet protocol is enabled.
- Cisco Policy Suite versions prior to 21.2.0.
- Cisco Catalyst PON Switches:
  - CGP-ONT-1P, prior to version 18.104.22.168.
  - CGP-ONT-4P, prior to version 22.214.171.124.
  - CGP-ONT-4PV, prior to version 126.96.36.199.
  - CGP-ONT-4PVC, prior to version 188.8.131.52.
  - CGP-ONT-4TVCW, prior to version 184.108.40.206.
To mitigate the vulnerabilities, please follow the steps of the original advisories linked below, per the relevant product and version:
There are no workarounds available.
References: Cisco Security Advisories