- 236/2024
- High
Cisco has released security updates to fix several vulnerabilities affecting multiple Cisco products.
The addressed vulnerabilities could allow the attacker to perform denial of service attacks, execute SQL injection attacks, obtain sensitive information, conduct cross-site scripting attacks, or execute arbitrary code and gain access to the affected products.
Sample of the addressed vulnerabilities:
1. Cisco Unified Communications Manager Denial of Service Vulnerability (CVE-2024-20375):
- CVSS: 8.6
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Denial Of Service
2. Cisco Identity Services Engine SQL Injection Vulnerability (CVE-2024-20417):
- CVSS: 6.5
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Consequences: Data Manipulation
Sample of the affected products:
- Cisco Unified Communications Manager (Unified CM).
- Cisco Unified Communications Manager Session Management Edition (Unified CM SME).
- Cisco Identity Services Engine.
Vulnerabilities
- CVE-2024-20375
- CVE-2024-6387
- CVE-2024-20486
- CVE-2024-20488
- CVE-2024-20417
- CVE-2024-20466
- CVE-2024-3596
- CVE-2023-20215
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.