Happy Cisco vulnerability day.
som 38 or so announcements.
Highlights
Anything running Cisco IOS XE 16.x
Anything still running smart Install if you haven't already turned it off.
The Adaptive QoS for Dynamic Multipoint VPN (DMVPN) feature of Cisco IOS Software and Cisco IOS XE
these are all critical
I had to go through all of those yesterday. You could tell how frustrated I was getting with each email to the cyber team. They started off as "We have no devices affected" then it moved to "Stupid bug we don't care about." Finally, I got to the default credential issue, and that email read something like. "Cisco Sucks. 2018 and default credential vulnerability? Really? Because the bug report lacks details I can't be sure we are not vulnerable so ... <insert bunch of details on how to make sure we were OK> ... Not like I didn't have anything better to do with my day. In closing Cisco Sucks."
-Otanx
What you don't patch today, gets exploited later today...