“Customers upgrade to a fixed software release to remediate these vulnerabilities.”
Cisco’s Identity Services Engine had a perfect 10/10 severity remote code execution bug that required zero authentication. Attackers were exploiting it in the wild for three weeks before Cisco even acknowledged it. The company disclosed the flaw on June 25 without a patch, exploitation started around July 5, and public acknowledgment of active attacks came July 21. Three perfect-10 CVEs in a single product in a month is not a rough patch. It is a product that should not be internet-facing.