Advisories: Cisco

This page shows the security advisories feed for Cisco products:

  • Remote Unauthenticated Code Execution Vulnerability in OpenSSH Server (regreSSHion): July 2024
    On July 1, 2024, the Qualys Threat Research Unit (TRU) disclosed an unauthenticated, remote code execution vulnerability that affects the OpenSSH server (sshd) in glibc-based Linux systems.
    CVE-2024-6387: A signal handler race condition was found in sshd: if a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then the sshd SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().
    For a description of this vulnerability, see the Qualys Security Advisory. This advisory will be updated as additional information becomes available. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssh-rce-2024
    Security Impact Rating: High
    CVE: CVE-2024-6387
  • RADIUS Protocol Spoofing Vulnerability (Blast-RADIUS): July 2024
    On July 7, 2024, security researchers disclosed the following vulnerability in the RADIUS protocol:
    CVE-2024-3596: RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by an on-path attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against the MD5 Response Authenticator signature.
    This vulnerability may impact any RADIUS client and server. For a description of this vulnerability, see VU#456537: RADIUS protocol susceptible to forgery attacks. This advisory will be updated as additional information becomes available. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-radius-spoofing-july-2024-87cCDwZ3
    Security Impact Rating: High
    CVE: CVE-2024-3596
  • Cisco Smart Software Manager On-Prem Password Change Vulnerability
    A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including administrative users. This vulnerability is due to improper implementation of the password-change process. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow an attacker to access the web UI or API with the privileges of the compromised user. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-auth-sLw3uhUy
    Security Impact Rating: Critical
    CVE: CVE-2024-20419
  • Cisco Webex App Vulnerabilities
    Multiple vulnerabilities in Cisco Webex App could allow an unauthenticated attacker to gain access to sensitive credential information. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address these vulnerabilities. The updates are part of the Cisco Webex service, and no customer action is necessary to get these software updates. There are no workarounds that address these vulnerabilities. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-app-ZjNm8X8j
    Security Impact Rating: Medium
    CVE: CVE-2024-20395, CVE-2024-20396
  • Cisco Secure Web Appliance Privilege Escalation Vulnerability
    A vulnerability in the CLI of Cisco AsyncOS for Secure Web Appliance could allow an authenticated, local attacker to execute arbitrary commands and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied input for the CLI. An attacker could exploit this vulnerability by authenticating to the system and executing a crafted command on the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root. To successfully exploit this vulnerability, an attacker would need at least guest credentials. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-swa-priv-esc-7uHpZsCC
    Security Impact Rating: High
    CVE: CVE-2024-20435
  • Cisco RV340 and RV345 Dual WAN Gigabit VPN Routers Authenticated Remote Code Execution Vulnerability
    A vulnerability in the upload module of Cisco RV340 and RV345 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to insufficient boundary checks when processing specific HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system of the device. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv34x-rce-7pqFU2e
    Security Impact Rating: Medium
    CVE: CVE-2024-20416
  • Cisco Identity Services Engine Arbitrary File Upload Vulnerability
    A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to upload arbitrary files to an affected device. To exploit this vulnerability, an attacker would need at least valid Policy Admin credentials on the affected device. This vulnerability is due to improper validation of files that are uploaded to the web-based management interface. An attacker could exploit this vulnerability by uploading arbitrary files to an affected device. A successful exploit could allow the attacker to store malicious files on the system, execute arbitrary commands on the operating system, and elevate privileges to root. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-file-upload-krW2TxA9
    Security Impact Rating: High
    CVE: CVE-2024-20296
  • Cisco Intelligent Node Software Static Key Vulnerability
    A vulnerability in Cisco Intelligent Node (iNode) Software could allow an unauthenticated, remote attacker to hijack the TLS connection between Cisco iNode Manager and associated intelligent nodes and send arbitrary traffic to an affected device. This vulnerability is due to the presence of hard-coded cryptographic material. An attacker in a man-in-the-middle position between Cisco iNode Manager and associated deployed nodes could exploit this vulnerability by using the static cryptographic key to generate a trusted certificate and impersonate an affected device. A successful exploit could allow the attacker to read data that is meant for a legitimate device, modify the startup configuration of an associated node, and, consequently, cause a denial of service (DoS) condition for downstream devices that are connected to the affected node. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-inode-static-key-VUVCeynn
    Security Impact Rating: High
    CVE: CVE-2024-20323
  • Cisco Expressway Series Open Redirect Vulnerability
    A vulnerability in the web-based management interface of Cisco Expressway Series could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerability by intercepting and modifying an HTTP request from a user. A successful exploit could allow the attacker to redirect the user to a malicious web page.
    Note: Cisco Expressway Series refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices.
    Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-redirect-KJsFuXgj
    Security Impact Rating: Medium
    CVE: CVE-2024-20400
  • Cisco Secure Email Gateway Server-Side Template Injection Vulnerability
    A vulnerability in the web-based management interface of Cisco AsyncOS for Secure Email Gateway could allow an authenticated, remote attacker to execute arbitrary system commands on an affected device. This vulnerability is due to insufficient input validation in certain portions of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges. To successfully exploit this vulnerability, an attacker would need at least valid Operator credentials. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-priv-esc-ssti-xNO2EOGZ
    Security Impact Rating: Medium
    CVE: CVE-2024-20429
  • Cisco Secure Email Gateway Arbitrary File Write Vulnerability
    A vulnerability in the content scanning and message filtering features of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to overwrite arbitrary files on the underlying operating system. This vulnerability is due to improper handling of email attachments when file analysis and content filters are enabled. An attacker could exploit this vulnerability by sending an email that contains a crafted attachment through an affected device. A successful exploit could allow the attacker to replace any file on the underlying file system. The attacker could then perform any of the following actions: add users with root privileges, modify the device configuration, execute arbitrary code, or cause a permanent denial of service (DoS) condition on the affected device.
    Note: Manual intervention is required to recover from the DoS condition. Customers are advised to contact the Cisco Technical Assistance Center (TAC) to help recover a device in this condition.
    Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-afw-bGG2UsjH
    Security Impact Rating: Critical
    CVE: CVE-2024-20401
  • Cisco IOS XR Software Secure Boot Bypass Vulnerability
    A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker with high privileges to bypass the Cisco Secure Boot functionality and load unverified software on an affected device. To exploit this successfully, the attacker must have root-system privileges on the affected device. This vulnerability is due to an error in the software build process. An attacker could exploit this vulnerability by manipulating the system’s configuration options to bypass some of the integrity checks that are performed during the booting process. A successful exploit could allow the attacker to control the boot configuration, which could enable them to bypass the requirement to run Cisco signed images or alter the security properties of the running system. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xr-secure-boot-quD5g8Ap
    Security Impact Rating: High
    CVE: CVE-2024-20456
  • Cisco NX-OS Software CLI Command Injection Vulnerability
    A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated user in possession of Administrator credentials to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments that are passed to specific configuration CLI commands. An attacker could exploit this vulnerability by including crafted input as the argument of an affected configuration CLI command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of root.
    Note: To successfully exploit this vulnerability on a Cisco NX-OS device, an attacker must have Administrator credentials. The following Cisco devices already allow administrative users to access the underlying operating system through the bash-shell feature, so, for these devices, this vulnerability does not grant any additional privileges:
      • Nexus 3000 Series Switches
      • Nexus 7000 Series Switches that are running Cisco NX-OS Software releases 8.1(1) and later
      • Nexus 9000 Series Switches in standalone NX-OS mode
    Cisco has released software updates for certain Cisco NX-OS hardware platforms and will continue to release fixes as they become available. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cmd-injection-xD9OhyOP
    Security Impact Rating: Medium
    CVE: CVE-2024-20399
  • Cisco Integrated Management Controller Web-Based Management Interface Command Injection Vulnerability
    A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker with Administrator-level privileges to perform command injection attacks on an affected system and elevate their privileges to root. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to elevate their privileges to root. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-bLuPcb
    Security Impact Rating: High
    CVE: CVE-2024-20356
  • Cisco Integrated Management Controller CLI Command Injection Vulnerability
    A vulnerability in the CLI of the Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have read-only or higher privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-mUx4c5AJ
    Security Impact Rating: High
    CVE: CVE-2024-20295
  • Cisco Finesse Web-Based Management Interface Vulnerabilities
    Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to perform a stored cross-site scripting (XSS) attack by exploiting a remote file inclusion (RFI) vulnerability or perform a server-side request forgery (SSRF) attack on an affected system. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-finesse-ssrf-rfi-Um7wT8Ew
    Security Impact Rating: Medium
    CVE: CVE-2024-20404, CVE-2024-20405
  • Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance Cross-Site Scripting Vulnerabilities
    Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Secure Email Gateway, formerly Email Security Appliance (ESA); and Secure Web Appliance could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-wsa-xss-bgG5WHOD
    Security Impact Rating: Medium
    CVE: CVE-2024-20256, CVE-2024-20257, CVE-2024-20258, CVE-2024-20383
  • Cisco Secure Email Gateway HTTP Response Splitting Vulnerability
    A vulnerability in the web-based management API of Cisco AsyncOS Software for Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. This vulnerability is due to insufficient input validation of some parameters that are passed to the web-based management API of the affected system. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to perform cross-site scripting (XSS) attacks, resulting in the execution of arbitrary script code in the browser of the targeted user, or could allow the attacker to access sensitive, browser-based information. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-http-split-GLrnnOwS
    Security Impact Rating: Medium
    CVE: CVE-2024-20392
  • Cisco Webex Meetings Meeting Information and Metadata Issue June 2024
    In early May 2024, Cisco identified bugs in Cisco Webex Meetings that we now believe were leveraged in targeted security research activity allowing unauthorized access to meeting information and metadata in Cisco Webex deployments for certain customers. These bugs have been addressed and a fix has been fully implemented worldwide as of May 28, 2024.
    Cisco has notified those customers who we identified as being affected by this activity based on available access logs. Because we strive to retain access logs only as long as necessary to deliver the service and comply with applicable records retention requirements and data protection limits, our access logs are not retained indefinitely and are deleted on a rolling basis. Cisco does not have available access logs on the data set before May 6, 2024. Since the bugs were patched, Cisco has not observed any further successful attempts to obtain new meeting data or metadata leveraging the bugs.
    Our investigation is still ongoing, and Cisco is providing the following updates:
    Cisco believes with high confidence that the same actor involved in targeted research activity obtained a larger data set of meeting data prior to May 6, 2024.
    Cisco has been notified by a limited number of customers of successful attempts to dial into meetings from the Public Switched Telephone Network (PSTN) using meeting data that was retrieved prior to the deployment of bug fixes. In a successful PSTN dial-in, the actor identified themselves and stated the effort was to support security research.
    Cisco recommends that customers who have PSTN enabled for their scheduled meetings verify that they require passcodes for dial-in users. If not previously enabled, enabling a passcode will require the host to re-send the meeting invitation with the new passcode.
    For customers who have Personal Meeting Rooms (PMR) configured, Cisco recommends that customers verify that their lobby feature is enabled and configured as recommended in our best practices guidance (see below). This will require unauthenticated and external meeting participants to wait in a virtual lobby unless and until the host directly admits them to the meeting.
    Customers are advised to review meeting information and metadata that may have been obtained before the bug fix was fully implemented worldwide as of May 28, 2024, and assess the risk for their deployments.
    Cisco Webex Meetings customers should continue to monitor regular support channels for further communication and are encouraged to use those channels for further questions. As always, Cisco will communicate through established channels. Cisco welcomes the opportunity to engage with customers and the security community to enhance security across the industry.
    For a detailed list of security capabilities for Personal Meeting Rooms, the PSTN dial-in option for Cisco Webex Meeting hosts, and Cisco Webex administrators, see Best practices for secure meetings: hosts and Webex best practices for secure meetings: Control Hub.
    Obtaining Additional Support
    For general security and support concerns about Cisco products and cloud-hosted services, the Cisco Technical Assistance Center (TAC) can provide configuration and technical assistance. The Cisco TAC can also help with nonsensitive security incidents and software upgrades for security bug fixes. TAC Support Worldwide contact information.
    Security Impact Rating: Informational
  • Cisco OpenDNS Pulsing DNS Denial of Service Attack
    The Cisco OpenDNS service was susceptible to a DNS pulsing attack due to improper handling if a large volume of queued DNS requests was received. This attack takes advantage of multiple commonly implemented DNS mechanisms. DNS queries are sent at a low rate and amplified into large-sized responses. This concentrates the DNS responses into a short, high-volume burst to overwhelm target systems.
    Security Impact Rating: Informational