- 121/2024
- High
- April 18, 2024
- 3:13 pm
Cisco has released security updates to fix multiple vulnerabilities across Cisco Integrated Management Controller (IMC) and Cisco IOS/IOS XE Software.
The addressed vulnerabilities could allow the attacker to bypass security restrictions or execute arbitrary code and gain access to the affected system.
Sample of the addressed vulnerabilities:
1. Cisco Integrated Management Controller (IMC) Software Command Execution Vulnerability (CVE-2024-20295):
- CVSS: 8.8
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Access
2. Cisco Integrated Management Controller (IMC) Software Command Execution Vulnerability (CVE-2024-20356):
- CVSS: 8.7
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Consequences: Gain Access
Vulnerabilities
- CVE-2024-20295
- CVE-2024-20356
- CVE-2024-20373
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.