Tristan Van Egroo

**Name of the Vulnerable Software and Affected Versions** Cisco IOS XR Software (affected versions not specified) **Description** A flaw exists in the Command Line Interface (CLI) of Cisco IOS XR Software that could allow a local attacker with authentication to execute arbitrary commands as root on the underlying operating system. This is due to inadequate validation of user-supplied arguments passed to specific CLI commands. An attacker with limited privileges could exploit this by using specially crafted commands. Successful exploitation may lead to privilege escalation to root access and the ability to execute arbitrary commands on the operating system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance (ASA) Software (affected versions not specified) Cisco Firepower Threat Defense (FTD) Software (affected versions not specified) Description: The issue is related to a logic error in memory management when handling SSL VPN connections, which could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This can be achieved by sending crafted SSL/TLS packets to the SSL VPN server of the affected device. Recommendations: For Cisco Adaptive Security Appliance (ASA) Software, update to a version that includes the fix for this issue. For Cisco Firepower Threat Defense (FTD) Software, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the SSL VPN feature until a patch is available.