
Cisco Publishes 3 High Impact & Above Vulnerabilities: What to Do

Cisco shops take note: the tech leader recently announced a trio of high impact and above vulnerabilities affecting some of its more popular solutions. As is the case with any vulnerability, organizations leveraging these technologies should take immediate action in order to mitigate possible exposures. Otherwise, they risk leaving themselves at the mercy of opportunistic cyber criminals. Let’s take a look at each of these vulnerabilities, and what can be done about them, with insight from Arraya’s Network and Security team.

Critical Vulnerability: Privileged access on Cisco Switches

A default setting on a variety of switch offerings from Cisco’s Small Business, Smart, and Managed lines could allow an unauthorized user to gain admin rights on the device. These switches come configured with an admin-level (level 15) default account. This profile comes into play during the initial login and it can’t be deleted from the device. However, it will go dormant as long as additional level 15 admin accounts are configured on the switch.

Security researchers noticed that in the event all level 15 admin accounts are removed from a switch, this default profile reactivates. On top of that, it does so quietly, leaving admins in the dark about this potential liability. As a result, should an attacker gain access to this account, he or she would have full run of the switch.

To remediate this, admins must ensure there is at least one level 15 account spun up on any potentially affected device. If such an account doesn’t exist, they must take steps to spin one up ASAP. Furthermore, strong passwords are a must for any account, but especially for accounts with this level of authority.

Affected devices include:

  • Cisco Small Business 200 Series Smart Switches
  • Cisco Small Business 300 Series Managed Switches
  • Cisco Small Business 500 Series Stackable Managed Switches
  • Cisco 250 Series Smart Switches
  • Cisco 350 Series Managed Switches
  • Cisco 350X Series Stackable Managed Switches
  • Cisco 550X Series Stackable Managed Switches
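
The level 15 check described above can be run across a set of exported switch configurations. The following is an added example, not code from Cisco or from the original post; it assumes local users appear in the export as `username <name> ... privilege <level>` lines, that a line without a `privilege` keyword means level 1, and that the export lists only admin-created accounts. The device names, user names and hashes are constructed placeholders.

```python
import re

# Assumed format of a local-user line in an exported switch configuration:
#   username <name> password encrypted <hash> privilege <level>
# A line with no "privilege" keyword is treated as level 1 (assumption).
USER_LINE = re.compile(r"^\s*username\s+(\S+)(.*)$", re.IGNORECASE)
PRIVILEGE = re.compile(r"\bprivilege\s+(\d+)\b", re.IGNORECASE)


def level15_users(config_text):
    """Return the names of configured users whose privilege level is 15."""
    admins = []
    for line in config_text.splitlines():
        user = USER_LINE.match(line)
        if not user:
            continue
        priv = PRIVILEGE.search(user.group(2))
        level = int(priv.group(1)) if priv else 1
        if level == 15:
            admins.append(user.group(1))
    return admins


def audit(configs):
    """Return the sorted device names that have no configured level 15 user."""
    return sorted(name for name, text in configs.items() if not level15_users(text))


# Constructed sample exports; device names, users and hashes are placeholders.
SAMPLE_CONFIGS = {
    "sw-floor1": "hostname sw-floor1\nusername netadmin password encrypted <hash> privilege 15\n",
    "sw-floor2": "hostname sw-floor2\nusername helpdesk password encrypted <hash> privilege 1\n",
    "sw-lab": "hostname sw-lab\nusername monitor password encrypted <hash>\n",
    "sw-closet": "hostname sw-closet\nip default-gateway 192.0.2.1\n",
}

if __name__ == "__main__":
    for device in audit(SAMPLE_CONFIGS):
        print(f"{device}: no level 15 account configured; default account may be active")
```

Any device the audit returns needs a level 15 account with a strong password created before the next review.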

High Impact Vulnerability #1: ASA/FTD-based DoS attacks

An error in the Session Initiation Protocol (SIP) inspection engine employed by Cisco’s ASA and Firepower Threat Defense could leave both tools vulnerable to a denial of service (DoS) attack. The SIP inspection engine is automatically enabled on each solution, but it can struggle to process SIP traffic efficiently. By virtue of this, a savvy attacker could simply overwhelm these solutions with traffic, knocking them offline.

Cisco has released not one but four separate mitigation strategies for dealing with this vulnerability. For example, admins could disable SIP inspection. They could also block suspicious hosts, filter possibly malicious addresses, or impose a rate limit on SIP traffic.

Affected devices include:

  • 3000 Series Industrial Security Appliance (ISA)
  • ASA 5500-X Series Next-Generation Firewalls
  • ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
  • Adaptive Security Virtual Appliance (ASAv)
  • Firepower 2100 Series Security Appliance
  • Firepower 4100 Series Security Appliance
  • Firepower 9300 ASA Security Module
  • FTD Virtual (FTDv)

High Impact Vulnerability #2: Meraki privilege escalation

A weak point in Meraki’s local status page could inadvertently let attackers gain high-level access privileges to affected devices. Consequently, by using this newfound administrative might, attackers could gain a tactical foothold into an organization’s network or access and modify the device’s configuration data. Further worsening the matter is the fact that, on all affected devices, this local status page is automatically provisioned.

As of press time, there is no workaround that will allow organizations to stay safe while continuing to use Meraki’s local status page. Instead, admins are encouraged to disable this page should their organizational needs and obligations allow it. One note of caution: doing so can result in a loss of additional functionality.

Here’s a list of the Meraki devices impacted:

  • MR devices
  • MS devices
  • MX devices (includes physical devices and the vMX100 virtual appliance)
  • Z1 and Z3 devices

Next steps: Protecting your Cisco environment against vulnerabilities

Does your organization leverage any of the above solutions? Arraya’s Network and Security team can work with you to mitigate each of the above risks and identify any additional trouble spots. Arraya’s team has the knowledge and experience needed to help organizations of all shapes and sizes plan, protect, and prevail against today’s evolving threat landscape. Reach out to our team now by visiting: https://www.arrayasolutions.com//contact-us/.

As always, let us know what you think of this post! Leave us any comments or questions on our social media pages. We can be found on LinkedIn, Twitter, and Facebook. Then, follow us so you can keep up with our take on industry news and access our exclusive learning opportunities.

 
