- 290/2024
- High
Cisco has released security updates to fix several vulnerabilities affecting multiple Cisco products.
The addressed vulnerabilities could allow the attacker to bypass security restrictions, perform cross-site request forgery attacks, conduct cross-site scripting attacks, obtain sensitive information, gain elevated privilege, perform denial of services attacks, or execute arbitrary commands and gain access to the affected product.
Sample of the addressed vulnerabilities:
1. Cisco ATA 190 Series Products Security Bypass Vulnerability (CVE-2024- 20458):
- CVSS: 8.2
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Bypass Security
2. Cisco ATA 190 Series Products Cross-Site Request Forgery Vulnerability (CVE-2024-20421):
- CVSS: 7.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Cross-Site Request Forgery
The affected products:
- ATA 191 (on-premises or multiplatform).
- ATA 192 (multiplatform).
- Cisco UCS Central Software.
- Cisco Unified CCMP.
Vulnerabilities
- CVE-2024-20420
- CVE-2024-20421
- CVE-2024-20458
- CVE-2024-20459
- CVE-2024-20460
- CVE-2024-20461
- CVE-2024-20462
- CVE-2024-20463
- CVE-2024-20280
- CVE-2024-20512
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.