Cisco has released a security advisory fixing a vulnerability in several Cisco products. A remote attacker could exploit the vulnerability by using a specially crafted login credential on an affected system during authentication.
Cisco products running Cisco IOS XE Software Release Fuji 16.7.1 or Fuji 16.8.1 and configured to use the Authentication, Authorization, and Accounting (AAA) security services.
Depending on the vulnerability exploited, a successful attack could lead to arbitrary code execution, denial of service or system reload on an affected device.
Patches for affected systems are now available. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk. For detailed information of the available patches, please refer to the section "Fixed Software" of corresponding security advisory at vendor's website.
Users should contact their product support vendors for the fixes and assistance.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-aaa
https://www.hkcert.org/my_url/en/alert/18060701
https://www.us-cert.gov/ncas/current-activity/2018/06/06/Cisco-Releases-Security-Updates-Multiple-Products
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0315