- 274/2024
- Critical
Cisco has released security updates to fix several vulnerabilities affecting multiple Cisco products.
The addressed vulnerabilities could allow the attacker to obtain sensitive information, gain elevated privilege, perform denial of services attacks, or execute arbitrary commands and gain access to the affected product.
Sample of the addressed vulnerabilities:
1. Cisco Nexus Dashboard Fabric Controller Arbitrary Command Execution Vulnerability (CVE-2024-20432):
- CVSS: 9.9
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Access
2. Cisco Meraki MX and Z Series Teleworker Gateway AnyConnect VPN Denial of Service Vulnerability (CVE-2024-20498):
- CVSS: 8.6
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Denial of Service
The affected products:
- Cisco NDFC.
- Cisco RV Series Small Business Routers.
- Cisco Meraki products.
- Cisco NDO.
- Cisco Nexus Dashboard.
- Cisco ISE.
- Cisco Expressway-C.
- Cisco Expressway-E.
- UCS B-Series Blade Servers.
- UCS Managed C-Series Rack Servers.
- UCS X-Series Modular System.
Vulnerabilities
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.