Cisco Family April 2024 1st Security Update Advisory
Overview
Cisco (https://www.cisco.com) has released a security update that fixes vulnerabilities in its products. Users of affected systems are advised to update to the latest version.
Affected Products
Cisco 5000 Series ENCS, Catalyst 8300 Series Edge uCPEs
- <= 3.12
- <= 4.13
Cisco UCS C-Series M5 Rack Server
- versions 4.0, 4.1, 4.2, 4.3
Cisco UCS C-Series M6 Rack Server
- versions 4.2, 4.3
Cisco UCS C-Series M7 Rack Server
- version 4.3
Cisco UCS E-Series M2 and M3 Server
- <= 3.1
- 3.2
Cisco UCS E-Series M6 Server
- <= 4.12
Cisco UCS S-Series Storage Server
- 4.0, 4.1, 4.2, 4.3
Cisco Telemetry Broker Appliance, Secure Endpoint Private Cloud Appliances, Secure Firewall Management Center Appliances, Secure Malware Analytics Appliances, Secure Network Analytics Appliances, Secure Network Server Appliances
- < 4.3 (2.240009)
IEC6400 Edge Compute Appliances, Secure Email Gateways, Secure Email and Web Manager, Secure Web Appliances
- < 4.2(3j)
Resolved Vulnerabilities
A vulnerability in Cisco Unified Computing System (Standalone) and Cisco Unified Computing System E-Series Software (UCSE), caused by insufficient validation of user input, that allows privileges to be elevated to root (CVE-2024-20356, CVSS 8.7) [1]
Vulnerability Patches
Product-specific vulnerability patches were made available in the 04/17/2024 update. Please refer to the 'Affected Products' and 'Fixed Software' sections of the product-specific information in the Referenced Sites below to apply the patches.
Cisco 5000 Series ENCS, Catalyst 8300 Series Edge uCPEs
- 4.14.1
Cisco UCS C-Series M5 Rack Server
- 4.1 (3n), 4.2 (3j), 4.3 (2.240009)
Cisco UCS C-Series M6 Rack Server
- 4.2 (3j), 4.3 (2.240009), 4.3 (3.240022)
Cisco UCS C-Series M7 Rack Server
- 4.3 (3.240022)
Cisco UCS E-Series M2 and M3 Server
- 3.2.15.3
Cisco UCS E-Series M6 Server
- 4.12.2
Cisco UCS S-Series Storage Server
- 4.1(3n), 4.2(3k), 4.3(2.240009), 4.3(3.240041) versions
Cisco Telemetry Broker Appliance, Secure Endpoint Private Cloud Appliances, Secure Firewall Management Center Appliances, Secure Malware Analytics Appliances, Secure Network Analytics Appliances, Secure Network Server Appliances
- 4.3 (2.240009)
IEC6400 Edge Compute Appliances, Secure Email Gateways, Secure Email and Web Manager, Secure Web Appliances
- 4.2 (3j) version
Referenced Sites
[1] Cisco Integrated Management Controller Web-Based Management Interface Command Injection Vulnerability