- 106/2024
- High
- April 4, 2024
- 11:50 am
Cisco has released security updates to fix several vulnerabilities across multiple Cisco products.
The addressed vulnerabilities could allow the attacker to gain elevated privileges, perform cross-site scripting attacks, obtain sensitive information, bypass security restrictions, or execute arbitrary code, and gain access to the affected products.
Sample of the addressed vulnerabilities:
1. Cisco Nexus Dashboard and Nexus Dashboard Hosted Services Cross-Site Request Forgery Vulnerability (CVE-2024-20281):
- CVSS: 7.5
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Access
2. Cisco Nexus Dashboard Fabric Controller Plug and Play Arbitrary File Read Vulnerability (CVE-2024-20348):
- CVSS: 7.5
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Obtain Information
Vulnerabilities
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.