- 295/2024
- Critical
Cisco has released security updates to fix multiple vulnerabilities affecting several Cisco products.
The addressed vulnerabilities could allow the attacker to bypass security restrictions, perform cross-site request forgery attacks, perform cross-site scripting attacks, obtain sensitive information, perform SQL injection attacks, gain elevated privilege, perform denial of services attacks, or execute arbitrary commands and gain access to the affected product.
Sample of the addressed vulnerabilities:
1. Cisco Secure Firewall Management Center Command Execution (CVE-2024-20424):
- CVSS: 9.9
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Access
2. Cisco Adaptive Security Appliance and Cisco Firepower Threat Defense Denial of Service (CVE-2024-20495):
- CVSS: 8.6
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Denial of Service
The affected products:
- Firepower 1000, 2100, 3100, 4200 Series.
- Cisco FMC Software.
- Cisco ASA Software.
- Cisco FTD Software
- Cisco FirePOWER Services.
- Cisco Secure Client Software.
Vulnerabilities
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.