Security Advisory

Cisco Family May 2024 1st Security Update Advisory

  • May 16 2024

Overview

 

Cisco(https://www.cisco.com) has released a security update that fixes vulnerabilities in products it has been made. users of affected systems are advised to update to the latest version.

 

Affected Products

 

Cisco AppDynamics

Cisco ConfD

Cisco ConfD Basic

Cisco Network Services Orchestrator

Cisco Secure Client

Cisco Secure Email

 

Resolved Vulnerabilities

 

Vulnerability in Cisco Network Services Orchestrator due to improperly set permissions, allowing arbitrary file read and write (CVE-2024-20326 and 1 other, CVSS 7.8) [1]

Vulnerability in Cisco Network Services Orchestrator that could allow elevation to administrator level due to incorrect privilege assignment when certain CLI commands are used (CVE-2024-20389 and 1 other, CVSS 7.8) [2]

Vulnerability in Cisco Network Services Orchestrator due to a user-controlled search path to find executables, which could allow arbitrary code execution (CVE-2024-20366, CVSS 7.8) [3]

Vulnerability in Cisco Secure Client due to lack of authentication for certain features, allowing arbitrary code execution with system privileges (CVE-2024-20391, CVSS 6.8) [4]

Cross-Site Scripting (XSS) possible vulnerability due to insufficient validation of input values in Cisco Secure Email (CVE-2024-20392, CVSS 6.1) [5]

Vulnerability in Cisco AppDynamics due to inability to handle unexpected input, resulting in a possible denial of service (CVE-2024-20394, CVSS 5.5) [6]

Vulnerability in Cisco Network Services Orchestrator that could redirect users to a malicious website due to insufficient validation of input values (CVE-2024-20369, CVSS 4.7) [7]

 

Vulnerability Patches

 

Product-specific Vulnerability Patches were made available in the 05/15/2024 update. please refer to the ‘Affected Products’ and ‘Fixed Software’ in the product-specific information in the Referenced Sites below to apply the patches.

 

Referenced Sites

 

[1] Cisco Crosswork Network Services Orchestrator Vulnerabilities

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-rwpesc-qrQGnh3f

[2] Cisco Crosswork Network Services Orchestrator Vulnerabilities

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-rwpesc-qrQGnh3f

[3] Cisco Crosswork Network Services Orchestrator Privilege Escalation Vulnerability

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-hcc-priv-esc-OWBWCs5D

[4] Cisco Secure Client for Windows with Network Access Manager Module Privilege Escalation Vulnerability

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-nam-priv-esc-szu2vYpZ

[5] Cisco Secure Email Gateway HTTP Response Splitting Vulnerability

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-http-split-GLrnnOwS

[6] Cisco AppDynamics Network Visibility Service Denial of Service Vulnerability

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-netvisdos-9zNbsJtK

[7] Cisco Crosswork Network Services Orchestrator Open Redirect Vulnerability

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-ordir-MNM8YqzO

Tags:

Previous Post

Next Post