Cisco informuje o nowych podatnościach. (P24-103)

utworzone przez | kwi 4, 2024 | Aktualizacje

27 marca 2024 r. firma Cisco opublikowała porady dotyczące bezpieczeństwa dotyczące luk w zabezpieczeniach wielu produktów. Uwzględniono aktualizacje następujących elementów:

Cisco IOS – wiele wersji i platform

Cisco IOS XE – wiele wersji i platform

Cisco Access Points – wiele wersji i platform

Cisco Switches – wiele wersji i platform

Cisco SD-Access fabric edge node – wiele wersji i platform

Opis/LinkKrytycznośćCVE ID
 Cisco IOS XE Software Unified Threat Defense Command Injection VulnerabilityŚredniaCVE-2024-20306
Cisco IOS XE Software for Wireless LAN Controllers Multicast DNS Denial of Service VulnerabilityWysokaCVE-2024-20303
 Cisco IOS and IOS XE Software Locator ID Separation Protocol Denial of Service VulnerabilityWysokaCVE-2024-20311
 Cisco IOS and IOS XE Software Intermediate System-to-Intermediate System Denial of Service VulnerabilityWysokaCVE-2024-20312
 Cisco IOS XE Software OSPFv2 Denial of Service VulnerabilityWysokaCVE-2024-20313
 Cisco IOS XE Software SD-Access Fabric Edge Node Denial of Service VulnerabilityWysokaCVE-2024-20314
 Cisco IOS Software for Catalyst 6000 Series Switches Denial of Service VulnerabilityWysokaCVE-2024-20276
 Cisco IOS and IOS XE Software Internet Key Exchange Version 1 Fragmentation Denial of Service VulnerabilitiesWysokaCVE-2024-20307
CVE-2024-20308
 Cisco IOS XE Software DHCP Snooping with Endpoint Analytics Denial of Service VulnerabilityWysokaCVE-2024-20259
 Cisco Access Point Software Secure Boot Bypass VulnerabilityWysokaCVE-2024-20265
 Cisco Access Point Software Denial of Service VulnerabilityWysokaCVE-2024-20271
 Cisco IOS XE Software for Wireless LAN Controllers Privilege Escalation VulnerabilityŚredniaCVE-2024-20324
 Cisco IOS XE Software Privilege Escalation VulnerabilityŚredniaCVE-2024-20278
 Cisco IOS XE Software NETCONF/RESTCONF IPv4 Access Control List Bypass VulnerabilityŚredniaCVE-2024-20316
 Cisco Catalyst Center Authorization Bypass VulnerabilityŚredniaCVE-2024-20333
 Cisco IOS XE Software Auxiliary Asynchronous Port Denial of Service VulnerabilityŚredniaCVE-2024-20309
 Cisco Aironet Access Point Software Resource Exhaustion Denial of Service VulnerabilityŚredniaCVE-2024-20354
Cisco Nexus Dashboard Fabric Controller Plug and Play Arbitrary File Read VulnerabilityWysokaCVE-2024-20348
Cisco TelePresence Management Suite Cross-Site Scripting VulnerabilityŚredniaCVE-2024-20334
Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Cross-Site Scripting VulnerabilityŚredniaCVE-2024-20362
Cisco Nexus Dashboard Privilege Escalation VulnerabilityŚredniaCVE-2024-20282
Cisco Nexus Dashboard Orchestrator Unauthorized Policy Actions VulnerabilityŚredniaCVE-2024-20302
Cisco Nexus Dashboard Information Disclosure VulnerabilityŚredniaCVE-2024-20283
Cisco Nexus Dashboard and Nexus Dashboard Hosted Services Cross-Site Request Forgery VulnerabilityŚredniaCVE-2024-20281
Cisco Identity Services Engine Server-Side Request Forgery VulnerabilityŚredniaCVE-2024-20332
Cisco Identity Services Engine Cross-Site Request Forgery VulnerabilityŚredniaCVE-2024-20368
Cisco Enterprise Chat and Email Cross-Site Scripting VulnerabilityŚredniaCVE-2024-20367
Cisco Unified Communications Manager IM & Presence Service Cross-Site Scripting VulnerabilityŚredniaCVE-2024-20310
Cisco Emergency Responder Cross-Site Request Forgery and Directory Traversal VulnerabilitiesŚredniaCVE-2024-20347
ŚredniaCVE-2024-20352