- 68/2024
- High
Cisco has released security updates to fix several vulnerabilities across multiple Cisco products.
The addressed vulnerabilities could allow the attacker to bypass security restrictions by sending a specially crafted request, or cluster configuration CLI requests, or perform denial of service attacks by sending crafted IPv6 packets, high number of TCP packets, crafted LLDP packets, or large amounts of network traffic with certain characteristics to the affected products.
Sample of the addressed vulnerabilities:
1. Cisco NX-OS Software Denial of Service Vulnerability (CVE-2024-20321):
- CVSS: 8.6
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Denial of Service
2. Cisco Nexus 3000 and 9000 Series Switches Security Bypass Vulnerability (CVE-2024-20291):
- CVSS: 5.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Bypass Security
Sample of the affected products:
- Cisco Nexus 3600 Series Switches and Cisco Nexus 9500 R-Series.
- Nexus 3000 Series Switches.
- Nexus 5500 Platform Switches.
- Cisco Nexus 3000 and 9000 Series Switches.
- Firepower 4100 Series and 9300 Security Appliances.
Vulnerabilities
- CVE-2024-20321
- CVE-2024-20267
- CVE-2024-20344
- CVE-2024-20291
- CVE-2024-20294
- CVE-2024-20325
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.