- 241/2024
- High
Cisco has released security updates to fix several vulnerabilities affecting multiple Cisco products.
The addressed vulnerabilities could allow the attacker to perform denial of service attacks, gain elevated privileges, or execute arbitrary code and gain access to the affected product.
Sample of the addressed vulnerabilities:
1. Cisco NX-OS Software DHCPv6 Relay Agent Denial of Service Vulnerability (CVE-2024-20446):
- CVSS: 8.6
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Denial of Service
2. Cisco NX-OS Software Bash Arbitrary Code Execution and Privilege Escalation Vulnerability (CVE-2024-20411):
- CVSS: 6.7
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Consequences: Gain Privileges
Sample of the affected products:
- MDS 9000 Series Multilayer Switches (CSCwi52362, CSCwi52380, CSCwi52460).
- Nexus 3000 Series Switches (CSCwh77779, CSCwh77780, CSCwh77781).
- Smart Software Manager On-Prem.
- Nexus 3000 Series Switches (CSCwh77786).
- Cisco APIC and Cisco Cloud Network Controller.
Vulnerabilities
- CVE-2024-20446
- CVE-2024-20284
- CVE-2024-20285
- CVE-2024-20286
- CVE-2024-20289
- CVE-2024-20411
- CVE-2024-20413
- CVE-2024-20478
- CVE-2024-20279
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.