- 31/2024
- Critical
Cisco has released security updates to fix several vulnerabilities across multiple Cisco products.
The addressed vulnerabilities could allow an attacker to bypass security restrictions, gain elevated privileges, trigger cross-site scripting attacks, or execute arbitrary code and gain access to the affected products.
Sample of the addressed vulnerabilities:
1. Cisco Unified Communications Products Remote Code Execution Vulnerability (CVE-2024-20253):
   - CVSS: 9.9
   - Attack Vector: Network
   - Attack Complexity: Low
   - Privileges Required: None
   - User Interaction: None
   - Consequences: Gain Access
2. Cisco Small Business Series Switches Stacked Reload ACL Bypass Vulnerability (CVE-2024-20263):
   - CVSS: 5.8
   - Attack Vector: Network
   - Attack Complexity: Low
   - Privileges Required: None
   - User Interaction: None
   - Consequences: Bypass Security
Sample of the affected products:
- Cisco Unified Communications Manager IM & Presence Service (CM IM&P).
- Cisco Unity Connection.
- Cisco SD-WAN vManage Software.
- Cisco Business 250 Series Smart and 350 Series Managed Switches.
- Cisco 350X, 550X Series Stackable Managed Switches.
Vulnerabilities
- CVE-2024-20253
- CVE-2024-20272
- CVE-2022-20716
- CVE-2024-20263
- CVE-2024-20305
- CVE-2024-20270
- CVE-2022-20930
Mitigations
Enterprises should deploy these security updates as soon as the testing phase is completed.
