A critical security vulnerability with a CVSS 3.1 Score of 9.8 has been released by Microsoft that will cause remote code execution in Windows TCP/IP. Although there is no exploit detection for the published vulnerabilities, it is thought that attackers can produce exploit codes by examining and working on this fix, since it has released a security vulnerability and a patch.
The vulnerabilities shared by CISCO are Catalyst PON Switch CGP-ONT-1P, Catalyst PON Switch CGP-ONT-4P, Catalyst PON Switch CGP-ONT-4PV, Catalyst PON Switch CGP-ONT-4PVC and Catalyst PON Switch CGP-ONT-4TVCW affecting your devices.
Solution and CVE/CWE
The critical weakness in question can be fixed by applying the update on the CISCO website.
CVE/CWE: CVE-2021-40113, CVE-2021-40112, CVE-2021-40119
Note: A CVSS score of 3.1 (out of 10) of 7.0-8.9 is considered “high”, and 9.0-10.0 is considered a “critical” vulnerability.