Cisco Products Multiple Vulnerabilities

Release Date: 22 Apr 2024 3516 Views

RISK: Medium Risk

Medium Risk

TYPE: Security software and application - Security Software & Appliance

TYPE: Security Software & Appliance

Multiple vulnerabilities were identified in Cisco products. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution and elevation of privilege on the targeted system.
 

Note:

Proof of concept exploit for CVE-2024-20295 and CVE-2024-20356 exists on the internet. CVE-2024-20356 required a local users who have at least resource read-only or higher privilege to perform critical actions and CVE-2024-20356 required a users who have at least resource administrator role privilege to perform critical actions. Hence, the overall risk level is medium.

Impact

  • Remote Code Execution
  • Elevation of Privilege

System / Technologies affected

  • 5000 Series Enterprise Network Compute Systems (ENCS)
  • Catalyst 8300 Series Edge uCPE
  • UCS C-Series M5, M6, and M7 Rack Servers in standalone mode
  • UCS E-Series Servers
  • UCS S-Series Storage Servers in standalone mode
  • 5520 and 8540 Wireless Controllers
  • Application Policy Infrastructure Controller (APIC) Servers
  • Business Edition 6000 and 7000 Appliances
  • Catalyst Center Appliances, formerly DNA Center
  • Cisco Telemetry Broker Appliance
  • Cloud Services Platform (CSP) 5000 Series
  • Common Services Platform Collector (CSPC) Appliances
  • Connected Mobile Experiences (CMX) Appliances
  • Connected Safety and Security UCS Platform Series Servers
  • Cyber Vision Center Appliances
  • Expressway Series Appliances
  • HyperFlex Edge Nodes
  • HyperFlex Nodes in HyperFlex Datacenter without Fabric Interconnect (DC-NO-FI) deployment mode
  • IEC6400 Edge Compute Appliances
  • IOS XRv 9000 Appliances
  • Meeting Server 1000 Appliances
  • Nexus Dashboard Appliances
  • Prime Infrastructure Appliances
  • Prime Network Registrar Jumpstart Appliances
  • Secure Email Gateways
  • Secure Email and Web Manager
  • Secure Endpoint Private Cloud Appliances
  • Secure Firewall Management Center Appliances, formerly Firepower Management Center
  • Secure Malware Analytics Appliances
  • Secure Network Analytics Appliances
  • Secure Network Server Appliances
  • Secure Web Appliances
  • Secure Workload Servers

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

Vulnerability Identifier

Source

Related Link

Related Tags

CiscoRemote Code ExecutionElevation of Privilege

Share with

Previous

Microsoft Edge Multiple Vulnerabilities

19 Apr 2024 4132 Views

Next

Mozilla Thunderbird Multiple Vulnerabilities

23 Apr 2024 3420 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY