Flawed Cisco update threatens to stop APs from getting further patches
Summary
A flawed Cisco software update has introduced a critical vulnerability in over 200 Cisco IOS XE wireless access point models. This flaw causes a log file to grow rapidly, consuming flash memory and preventing further software updates, potentially rendering the devices insecure or bricked.
IFF Assessment
This flaw creates a Catch-22 situation where the update needed to fix the bug cannot be applied due to the bug itself, making defense difficult.
Severity
The CVSS score is estimated based on the critical nature of the vulnerability impacting device availability and the potential for it to be unrecoverable without manual intervention. The potential for widespread impact across many models also contributes to the high score.
Defender Context
This issue highlights the importance of robust patch verification processes, as a flawed update can actively prevent subsequent fixes. Defenders need to be aware of potential vendor update issues and have contingency plans for devices that may become unpatchable.