- 161/2024
- High
Cisco has released security updates to fix several vulnerabilities across multiple Cisco products.
The addressed vulnerabilities could allow the attacker to bypass security restrictions, conduct denial of service attacks, or manipulate data to view, add, modify, or delete information by sending specially crafted SQL statements to the affected product.
Sample of the addressed vulnerabilities:
1. Cisco Firepower Management Center Software SQL Injection Vulnerability (CVE-2024-20360):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Data Manipulation
2. Multiple Cisco Products Snort 3 HTTP Intrusion Prevention System Rule Security Bypass (CVE-2024-20363):
- CVSS: 5.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Bypass Security
Sample of the affected products:
- Cisco Cisco Firepower Management Center.
- Cisco Adaptive Security Appliance (ASA) Software.
- Cisco Firepower Threat Defense Software.
- Cisco UTD SNORT IPS Engine Software.
Vulnerabilities
- CVE-2024-20360
- CVE-2023-20006
- CVE-2022-20760
- CVE-2024-20363
- CVE-2024-20261
- CVE-2024-20361
- CVE-2024-20355
- CVE-2024-20293
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.