I wish to provide a respectful shout to the following security advisories and news articles for their coverage of critical security vulnerabilities within Cisco IOS XE and the Drupal CMS (defined) released on the 28th and 29th of March respectively.
The backdoor (defined) account being remediated within the Cisco IOS XE update could have allowed an unauthenticated attack to remotely access the Cisco router or an affected switch and carry out any action allowed by privilege level 15
Meanwhile the Drupal vulnerability (dubbed “Drupalgeddon2”) is rated as highly critical since the vulnerability is both remotely exploitable and easy for an attacker to leverage allowing the attacker to carry out any action they choose.
Please follow the advice within the below linked to advisories and update any affected installations of these products that your organisation may have:
Cisco Removes Backdoor Account from IOS XE Software (includes mitigations if patching is not possible) by Catalin Cimpanu (Bleeping Computer)
Drupal Issues Highly Critical Patch: Over 1m Sites Vulnerable by Tom Spring (Kaspersky ThreatPost)