Advisories: Cisco

This page shows the security advisories feed for Cisco products:

  • Remote Unauthenticated Code Execution Vulnerability in OpenSSH Server (regreSSHion): July 2024
    On July 1, 2024, the Qualys Threat Research Unit (TRU) disclosed an unauthenticated, remote code execution vulnerability that affects the OpenSSH server (sshd) in glibc-based Linux systems. CVE-2024-6387: A signal handler race condition was found in sshd, where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then the sshd SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). For a description of this vulnerability, see the Qualys Security Advisory. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssh-rce-2024 Security Impact Rating: High CVE: CVE-2024-6387
  • Cisco Routed Passive Optical Network Controller Vulnerabilities
    Multiple vulnerabilities in Cisco Routed Passive Optical Network (PON) Controller Software, which runs as a docker container on hardware that is supported by Cisco IOS XR Software, could allow an authenticated, remote attacker to perform command injection attacks, execute arbitrary commands on the affected system, or retrieve a cleartext password.  For more information about these vulnerabilities, see the Details section of this advisory. Cisco plans to release software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ponctlr-ci-OHcHmsFL This advisory is part of the September 2024 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2024 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication. Security Impact Rating: High CVE: CVE-2024-20483,CVE-2024-20489
  • Cisco IOS XR Software UDP Packet Memory Exhaustion Vulnerability
    A vulnerability in the multicast traceroute version 2 (Mtrace2) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust the UDP packet memory of an affected device. This vulnerability exists because the Mtrace2 code does not properly handle packet memory. An attacker could exploit this vulnerability by sending crafted packets to an affected device. A successful exploit could allow the attacker to exhaust the incoming UDP packet memory. The affected device would not be able to process higher-level UDP-based protocols packets, possibly causing a denial of service (DoS) condition. Note: This vulnerability can be exploited using IPv4 or IPv6. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pak-mem-exhst-3ke9FeFy This advisory is part of the September 2024 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2024 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication. Security Impact Rating: High CVE: CVE-2024-20304
  • Cisco IOS XR Software Network Convergence System Denial of Service Vulnerability
    A vulnerability in the handling of specific Ethernet frames by Cisco IOS XR Software for various Cisco Network Convergence System (NCS) platforms could allow an unauthenticated, adjacent attacker to cause critical priority packets to be dropped, resulting in a denial of service (DoS) condition. This vulnerability is due to incorrect classification of certain types of Ethernet frames that are received on an interface. An attacker could exploit this vulnerability by sending specific types of Ethernet frames to or through the affected device. A successful exploit could allow the attacker to cause control plane protocol relationships to fail, resulting in a DoS condition. For more information, see the Details section of this advisory. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-l2services-2mvHdNuC This advisory is part of the September 2024 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2024 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication. Security Impact Rating: High CVE: CVE-2024-20317
  • Cisco IOS XR Software Segment Routing for Intermediate System-to-Intermediate System Denial of Service Vulnerability
    A vulnerability in the segment routing feature for the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of ingress IS-IS packets. An attacker could exploit this vulnerability by sending specific IS-IS packets to an affected device after forming an adjacency. A successful exploit could allow the attacker to cause the IS-IS process on all affected devices that are participating in the Flexible Algorithm to crash and restart, resulting in a DoS condition. Note: The IS-IS protocol is a routing protocol. To exploit this vulnerability, an attacker must be Layer 2-adjacent to the affected device and must have formed an adjacency. This vulnerability affects segment routing for IS-IS over IPv4 and IPv6 control planes as well as devices that are configured as level 1, level 2, or multi-level routing IS-IS type. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-isis-xehpbVNe This advisory is part of the September 2024 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2024 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication. Security Impact Rating: High CVE: CVE-2024-20406
  • Cisco IOS XR Software Dedicated XML Agent TCP Denial of Service Vulnerability
    A vulnerability in the Dedicated XML Agent feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on XML TCP listen port 38751. This vulnerability is due to a lack of proper error validation of ingress XML packets. An attacker could exploit this vulnerability by sending a sustained, crafted stream of XML traffic to a targeted device. A successful exploit could allow the attacker to cause XML TCP port 38751 to become unreachable while the attack traffic persists. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-xml-tcpdos-ZEXvrU2S This advisory is part of the September 2024 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2024 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication. Security Impact Rating: Medium CVE: CVE-2024-20390
  • Cisco IOS XR Software CLI Arbitrary File Read Vulnerability
    A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to read any file in the file system of the underlying Linux operating system. The attacker must have valid credentials on the affected device. This vulnerability is due to incorrect validation of the arguments that are passed to a specific CLI command. An attacker could exploit this vulnerability by logging in to an affected device with low-privileged credentials and using the affected command. A successful exploit could allow the attacker access files in read-only mode on the Linux file system. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-shellutil-HCb278wD This advisory is part of the September 2024 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2024 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication. Security Impact Rating: Medium CVE: CVE-2024-20343
  • Cisco IOS XR Software CLI Privilege Escalation Vulnerability
    A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to obtain read/write file system access on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. An attacker with a low-privileged account could exploit this vulnerability by using crafted commands at the prompt. A successful exploit could allow the attacker to elevate privileges to root. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-priv-esc-CrG5vhCq This advisory is part of the September 2024 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2024 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication. Security Impact Rating: High CVE: CVE-2024-20398
  • Multiple Cisco Products Web-Based Management Interface Privilege Escalation Vulnerability
    A vulnerability in the JSON-RPC API feature in ConfD that is used by the web-based management interfaces of Cisco Crosswork Network Services Orchestrator (NSO), Cisco Optical Site Manager, and Cisco RV340 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to modify the configuration of an affected application or device. This vulnerability is due to improper authorization checks on the API. An attacker with privileges sufficient to access the affected application or device could exploit this vulnerability by sending malicious requests to the JSON-RPC API. A successful exploit could allow the attacker to make unauthorized modifications to the configuration of the affected application or device, including creating new user accounts or elevating their own privileges on an affected system. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-auth-bypass-QnTEesp Security Impact Rating: High CVE: CVE-2024-20381
  • Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability
    A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability is due to improper enforcement of administrative privilege levels for high-value sensitive data. An attacker with read-only Administrator privileges for the web-based management interface on an affected device could exploit this vulnerability by browsing to a page that contains sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system. Cisco has released software updates that address CSCwh78725. Cisco has not released software updates that address CSCwe48929. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-info-exp-vdF8Jbyk Security Impact Rating: Medium CVE: CVE-2024-20466
  • Cisco Smart Licensing Utility Vulnerabilities
    Multiple vulnerabilities in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to collect sensitive information or administer Cisco Smart Licensing Utility services on a system while the software is running. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. For more information about these vulnerabilities, see the Details section of this advisory. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cslu-7gHMzWmw Security Impact Rating: Critical CVE: CVE-2024-20439,CVE-2024-20440
  • Cisco Meraki Systems Manager Agent for Windows Privilege Escalation Vulnerability
    A vulnerability in Cisco Meraki Systems Manager (SM) Agent for Windows could allow an authenticated, local attacker to execute arbitrary code with elevated privileges.  This vulnerability is due to incorrect handling of directory search paths at runtime. A low-privileged attacker could exploit this vulnerability by placing both malicious configuration files and malicious DLL files on an affected system, which would read and execute the files when Cisco Meraki SM launches on startup. A successful exploit could allow the attacker to execute arbitrary code on the affected system with SYSTEM privileges.  Cisco Meraki has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-agent-dll-hj-Ptn7PtKe Security Impact Rating: High CVE: CVE-2024-20430
  • Cisco Identity Services Engine Command Injection Vulnerability
    A vulnerability in specific CLI commands in Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have valid Administrator privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-injection-6kn9tSxm Security Impact Rating: Medium CVE: CVE-2024-20469
  • Cisco Expressway Edge Improper Authorization Vulnerability
    A vulnerability in Cisco Expressway Edge (Expressway-E) could allow an authenticated, remote attacker to masquerade as another user on an affected system. This vulnerability is due to inadequate authorization checks for Mobile and Remote Access (MRA) users. An attacker could exploit this vulnerability by running a series of crafted commands. A successful exploit could allow the attacker to intercept calls that are destined for a particular phone number or to make phone calls and have that phone number appear on the caller ID. To successfully exploit this vulnerability, the attacker must be an MRA user on an affected system. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-auth-kdFrcZ2j Security Impact Rating: Medium CVE: CVE-2024-20497
  • Cisco Duo Epic for Hyperdrive Information Disclosure Vulnerability
    A vulnerability in Cisco Duo Epic for Hyperdrive could allow an authenticated, local attacker to view sensitive information in cleartext on an affected system. This vulnerability is due to improper storage of an unencrypted registry key. A low-privileged attacker could exploit this vulnerability by viewing or querying the registry key on the affected system. A successful exploit could allow the attacker to view sensitive information in cleartext. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-duo-epic-info-sdLv6h8y Security Impact Rating: Medium CVE: CVE-2024-20503
  • RADIUS Protocol Spoofing Vulnerability (Blast-RADIUS): July 2024
    On July 7, 2024, security researchers disclosed the following vulnerability in the RADIUS protocol: CVE-2024-3596: RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by an on-path attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature. This vulnerability may impact any RADIUS client and server. For a description of this vulnerability, see VU#456537: RADIUS protocol susceptible to forgery attacks.  This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-radius-spoofing-july-2024-87cCDwZ3 Security Impact Rating: High CVE: CVE-2024-3596
  • Multiple Cisco Products OpenSocial Gadget Editor Vulnerabilities
    Multiple vulnerabilities in the web-based management interface of Cisco Finesse, Cisco Virtualized Voice Browser, and Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack and obtain potentially confidential information by leveraging a flaw in the authentication mechanism. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-multi-vuln-finesse-qp6gbUO2 Security Impact Rating: Medium CVE: CVE-2021-1245,CVE-2021-1246
  • Cisco Application Policy Infrastructure Controller Unauthorized Policy Actions Vulnerability
    A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to modify the behavior of default system policies, such as quality of service (QoS) policies, on an affected system. This vulnerability is due to improper access control when restricted security domains are used to implement multi-tenancy. An attacker with a valid user account associated with a restricted security domain could exploit this vulnerability. A successful exploit could allow the attacker to read, modify, or delete child policies created under default system policies, which are implicitly used by all tenants in the fabric, resulting in disruption of network traffic. Exploitation is not possible for policies under tenants that an attacker has no authorization to access. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-cousmo-uBpBYGbq Security Impact Rating: Medium CVE: CVE-2024-20279
  • Cisco Application Policy Infrastructure Controller Privilege Escalation Vulnerability
    A vulnerability in the software upgrade component of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an authenticated, remote attacker with Administrator-level privileges to install a modified software image, leading to arbitrary code injection on an affected system. This vulnerability is due to insufficient signature validation of software images. An attacker could exploit this vulnerability by installing a modified software image. A successful exploit could allow the attacker to execute arbitrary code on the affected system and elevate their privileges to root. Note: Administrators should always validate the hash of any upgrade image before uploading it to Cisco APIC and Cisco Cloud Network Controller. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-priv-esc-uYQJjnuU Security Impact Rating: Medium CVE: CVE-2024-20478
  • Cisco NX-OS Software Bash Arbitrary Code Execution and Privilege Escalation Vulnerabilities
    Multiple vulnerabilities in Cisco NX-OS Software could allow an authenticated, local attacker with privileges to access the Bash shell to execute arbitrary code with root privileges or elevate privileges to network-admin on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-bshacepe-bApeHSx7 This advisory is part of the August 2024 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: August 2024 Semiannual Cisco FXOS and NX-OS Software Security Advisory Bundled Publication. Security Impact Rating: Medium CVE: CVE-2024-20411,CVE-2024-20413
  • More...

Tell me what you are thinking?