- 150/2024
- High
Cisco has released security updates to fix several vulnerabilities across multiple Cisco products.
The addressed vulnerabilities could allow the attacker to bypass security restrictions, conduct cross-site scripting attacks, gain elevated privileges, or gain access to the affected product.
Sample of the addressed vulnerabilities:
1. Cisco Crosswork Network Services Orchestrator Security Bypass (CVE-2024- 20326):
- CVSS: 7.8
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Bypass Security
2. Cisco Secure Client For Windows Privilege Escalation (CVE-2024-20391):
- CVSS: 6.8
- Attack Vector: Physical
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Privileges
Affected Products:
- Cisco AppDynamics Network Visibility Agent.
- Cisco Secure Email Gateway.
- Cisco Web Manager.
- Cisco Crosswork Network Services Orchestrator.
- Cisco Secure Client for Windows.
- Cisco ConfD CLI.
Vulnerabilities
- CVE-2024-20326
- CVE-2024-20389
- CVE-2024-20366
- CVE-2024-20369
- CVE-2024-20256
- CVE-2024-20257
- CVE-2024-20258
- CVE-2024-20391
- CVE-2024-20392
- CVE-2024-20394
- CVE-2024-20383
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.