By 
On Wednesday, Cisco issued patches for 30 flaws, including a grave bug affecting ASR 9000 Series Aggregation Services Routers running IOS XR 64-bit software.
The flaw, tracked as CVE-2019-1710 and containing a CVSS score of 9.8, could allow an unverified, distant attacker to get access to internal applications running on the sysadmin virtual machine (VM).
The matter exists in the improper separation of the secondary management interface from internal sysadmin applications. Therefore, only ASR 9000 routers that have the secondary management interface connected and configured are impacted.
In an advisory, Cisco said that an attacker could exploit that flaw by connecting to one of the listening internal applications, adding that a successful exploit could lead to uneven conditions, including both a denial of service and remote unauthenticated access to the device.
Customers are directed to install the restructured software to address the issue. Although a workaround is there, Cisco claims it is equal to upgrading to the patched software.
Also on Wednesday, Cisco issued fixes for 6 high-severity bugs in Inter-Access Point Protocol (IAPP) messages by Wireless LAN Controller (WLC) software, and in the administrative GUI configuration and the web-based management interface of WLC software.
As many as 23 medium-severity vulnerabilities were addressed as well, affecting WLC software, the URL block page of Cisco Umbrella, UCS B-Series Blade Servers, Unified Communications Manager (Unified CM), DNA Center, Registered Envelope Service, Prime Network Registrar, Identity Services Engine (ISE), ASR 9000 routers, IOS XR Software, Expressway Series and TelePresence VCS, Email Security Appliance (ESA), Firepower Management Center (FMC), Directory Connector, and Aironet Series Access Points.
Cisco also updated two formerly released advisories to update information about public misuse. The first refers to CVE-2017-3881, a grave susceptibility the U.S. Central Intelligence Agency (CIA) is thought to have harmed to target Cisco routers, while the second refers to CVE-2017-6736, CVE-2017-6737, and CVE-2017-6738, three high-severity bugs originally addressed in June 2017.
