
Cisco Products Multiple Vulnerabilities

Release Date: 22 Apr 2024

RISK: Medium Risk

TYPE: Security software and application - Security Software & Appliance


Multiple vulnerabilities were identified in Cisco products. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution and elevation of privilege on the targeted system.
 

Note:

Proof-of-concept exploit code for CVE-2024-20295 and CVE-2024-20356 exists on the internet. CVE-2024-20356 requires a local user who has at least resource read-only or higher privilege to perform critical actions, and CVE-2024-20356 requires a user who has at least resource administrator role privilege to perform critical actions. Hence, the overall risk level is medium.


Impact

  • Remote Code Execution
  • Elevation of Privilege

System / Technologies affected

  • 5000 Series Enterprise Network Compute Systems (ENCS)
  • Catalyst 8300 Series Edge uCPE
  • UCS C-Series M5, M6, and M7 Rack Servers in standalone mode
  • UCS E-Series Servers
  • UCS S-Series Storage Servers in standalone mode
  • 5520 and 8540 Wireless Controllers
  • Application Policy Infrastructure Controller (APIC) Servers
  • Business Edition 6000 and 7000 Appliances
  • Catalyst Center Appliances, formerly DNA Center
  • Cisco Telemetry Broker Appliance
  • Cloud Services Platform (CSP) 5000 Series
  • Common Services Platform Collector (CSPC) Appliances
  • Connected Mobile Experiences (CMX) Appliances
  • Connected Safety and Security UCS Platform Series Servers
  • Cyber Vision Center Appliances
  • Expressway Series Appliances
  • HyperFlex Edge Nodes
  • HyperFlex Nodes in HyperFlex Datacenter without Fabric Interconnect (DC-NO-FI) deployment mode
  • IEC6400 Edge Compute Appliances
  • IOS XRv 9000 Appliances
  • Meeting Server 1000 Appliances
  • Nexus Dashboard Appliances
  • Prime Infrastructure Appliances
  • Prime Network Registrar Jumpstart Appliances
  • Secure Email Gateways
  • Secure Email and Web Manager
  • Secure Endpoint Private Cloud Appliances
  • Secure Firewall Management Center Appliances, formerly Firepower Management Center
  • Secure Malware Analytics Appliances
  • Secure Network Analytics Appliances
  • Secure Network Server Appliances
  • Secure Web Appliances
  • Secure Workload Servers

Solutions

Before installing the software, please visit the vendor website for more details.

 

Apply fixes issued by the vendor:


Vulnerability Identifier


Source


Related Link