- 301/2024
- Critical
Cisco has released security updates to fix several vulnerabilities affecting multiple Cisco products.
The addressed vulnerabilities could allow the attacker to perform denial of services attacks, bypass security restrictions, conduct cross-site scripting attacks, obtain sensitive information, manipulate data, execute arbitrary codes/SQL commands, and gain access to the affected system.
Sample of the addressed vulnerabilities:
Cisco Unified Industrial Wireless Software for Ultra-Reliable Wireless Backhaul Access Point Command Injection Vulnerability (CVE-2024-20418):
- CVSS: 10
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
Cisco Nexus Dashboard Fabric Controller SQL Injection Vulnerability (CVE-2024-20536):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Data Manipulation
Sample of The Affected Products:
- CiscoCatalyst IW9165D Heavy Duty Access Points.
- Cisco Nexus Dashboard Fabric Controller (NDFC).
- Cisco Enterprise Chat and Email.
- Cisco 6800, 7800, 8800, and 9800 Series.
- Cisco Identity Services Engine.
Vulnerabilities
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.