- 260/2024
- High
Cisco has released security updates to fix several vulnerabilities affecting multiple Cisco products.
The addressed vulnerabilities could allow the attacker to obtain sensitive information, gain elevated privilege, perform denial of services attacks, or execute arbitrary commands and gain access to the affected product.
Sample of the addressed vulnerabilities:
1. Multiple Cisco Products Privilege Escalation Vulnerability (CVE-2024-20439):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Privileges
2. Cisco IOS XR Software UDP Packet Memory Exhaustion Vulnerability (CVE-2024-20398):
- CVSS: 8.6
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Denial of Service
The affected products:
- Cisco IOS XR Software.
- Crosswork NSO.
- Optical Site Manager.
- RV340 Dual WAN Gigabit VPN Routers.
Vulnerabilities
- CVE-2024-20343
- CVE-2024-20381
- CVE-2024-20483
- CVE-2024-20398
- CVE-2024-20390
- CVE-2024-20489
- CVE-2024-20406
- CVE-2024-20317
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.