Cisco has emitted a fresh round of software updates to address security holes in its network switches and controllers.
Switchzilla's latest patch bundle includes six alerts for what it rates as critical issues, including flaws in its Small Business 220 Series switches and UCS Director software.
Combined with Cisco's fixes for 'high' and 'moderate' issues, the networking giant posted a total of 33 security alerts on Wednesday.
For the Small Business 220 Switches, a pair of patches address CVE-2019-1912, an authentication bypass flaw that lets an attacker inject a reverse shell through the web interface, and CVE-2019-1913, a remote code execution flaw (as root) that is also exploitable through the switch's web management interface without any authentication.
Proof-of-concept exploit code exists for both flaws, we're told, though Cisco says there are no reports of active malicious exploitation in the wild... yet.
The holes were found and reported by an infosec bod using the handle bashis.