On Wednesday, Cisco Systems issued three patches for critical vulnerabilities affecting Cisco Internetwork Operating System (IOS). The most serious of these affects the Cisco Voice Portal and the Secure Shell server (SSH) implementations.
Cisco says the first patch covers a vulnerability that exists in the Cisco Unified Customer Voice Portal (CVP) , which provides customer voice and video self-service integration. If the vulnerability is exploited, an authenticated user can create, modify, or delete a superuser account. In other words, successful exploitation may result in full control of the system.