Cisco Family March 2024 First Round Security Update Advisory
Overview
Cisco (https://www.cisco.com) has released a security update that fixes vulnerabilities in its products. Users of affected systems are advised to update to the latest version.
Affected Products
Cisco Aironet Access Point Software
Cisco Aironet Access Point Software (IOS XE Controller)
Cisco Business Wireless Access Point Software
Cisco Digital Network Architecture Center (DNA Center)
Cisco IOS XE Software
IOS
Resolved Vulnerabilities
Vulnerability in Cisco IOS XE Software when Endpoint Analytics is enabled allows a possible denial of service due to malformed IPv4 DHCP request packets (CVE-2024-20259, CVSS 8.6) [1]
Vulnerability in IOS, Cisco IOS XE Software due to incorrect data handling, resulting in a possible denial of service (CVE-2024-20311, CVSS 8.6) [2]
Vulnerability in Cisco IOS XE Software due to insufficient data validation, which could deplete CPU resources on the device and cause traffic processing to crash (CVE-2024-20314, CVSS 8.6) [3]
Vulnerability in Cisco Aironet Access Point Software, Cisco Business Wireless Access Point Software, and Cisco Aironet Access Point Software (IOS XE Controller) due to insufficient validation of input values, which could cause an affected device to reload unexpectedly (CVE-2024-20271, CVSS 8.6) [4]
Vulnerability in IOS, Cisco IOS XE Software, where crafted and fragmented IKEv1 packets are not properly reassembled, resulting in a possible denial of service (CVE-2024-20308, CVSS 8.6) [5]
Vulnerability in IOS due to insufficient data validation, causing an affected device to reload (CVE-2024-20276, CVSS 7.4) [6]
Vulnerability in IOS, Cisco IOS XE Software due to lack of input validation, causing an affected device to reload (CVE-2024-20312, CVSS 7.4) [7]
Vulnerability in Cisco IOS XE Software due to improper validation of OSPF updates processed by the device, causing an affected device to reload (CVE-2024-20313, CVSS 7.4) [8]
Vulnerability in Cisco IOS XE Software due to improper management of mDNS client entries, resulting in increased CPU utilization on the wireless controller (CVE-2024-20303, CVSS 7.4) [9]
Vulnerability in Cisco IOS XE Software that allows elevation of privilege from administrator to root due to insufficient validation of user input (CVE-2024-20278, CVSS 6.5) [10]
Vulnerability in Cisco IOS XE Software due to lack of input validation, allowing arbitrary command execution with administrator privileges (CVE-2024-20306, CVSS 6.0) [11]
Vulnerability in Cisco IOS XE Software, Cisco Aironet Access Point Software, Cisco Business Wireless Access Point Software, and Cisco Aironet Access Point Software (IOS XE Controller) that allows unnecessary commands to be used while booting from the physical console, resulting in a one-time image load (CVE-2024-20265, CVSS 5.9) [12]
Vulnerability in Cisco IOS XE Software due to improper data handling that could cause a device to reset or become unresponsive (CVE-2024-20309, CVSS 5.6) [13]
Vulnerability in Cisco IOS XE Software due to improper authorization checking, allowing access to unauthorized configuration details (CVE-2024-20324, CVSS 5.5) [14]
Vulnerability in Cisco Aironet Access Point Software and Cisco Aironet Access Point Software (IOS XE Controller) due to incomplete resource cleanup when deleting certain malformed frames, resulting in a degradation of service to other clients (CVE-2024-20354, CVSS 4.7) [15]
Vulnerability in Cisco Digital Network Architecture Center (DNA Center) that allows certain fields within the web-based management interface to be altered due to insufficient acknowledgment handling (CVE-2024-20333, CVSS 4.3) [16]
Vulnerability Patches
Product-specific vulnerability patches were made available in the 03/27/2024 update. Please refer to the ‘Affected Products’ and ‘Fixed Software’ sections of the product-specific information in the Referenced Sites below to apply the patches.
Referenced Sites
[1] Cisco IOS XE Software DHCP Snooping with Endpoint Analytics Denial of Service Vulnerability
[2] Cisco IOS and IOS XE Software Locator ID Separation Protocol Denial of Service Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-lisp-3gYXs3qP
[3] Cisco IOS XE Software SD-Access Fabric Edge Node Denial of Service Vulnerability
[4] Cisco Access Point Software Denial of Service Vulnerability
[5] Cisco IOS and IOS XE Software Internet Key Exchange Version 1 Fragmentation Denial of Service Vulnerabilities
[6] Cisco IOS Software for Catalyst 6000 Series Switches Denial of Service Vulnerability
[7] Cisco IOS and IOS XE Software Intermediate System-to-Intermediate System Denial of Service Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-isis-sGjyOUHX
[8] Cisco IOS XE Software OSPFv2 Denial of Service Vulnerability
[9] Cisco IOS XE Software for Wireless LAN Controllers Multicast DNS Denial of Service Vulnerability
[10] Cisco IOS XE Software Privilege Escalation Vulnerability
[11] Cisco IOS XE Software Unified Threat Defense Command Injection Vulnerability
[12] Cisco Access Point Software Secure Boot Bypass Vulnerability
[13] Cisco IOS XE Software Auxiliary Asynchronous Port Denial of Service Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aux-333WBz8f
[14] Cisco IOS XE Software for Wireless LAN Controllers Privilege Escalation Vulnerability
[15] Cisco Aironet Access Point Software Resource Exhaustion Denial of Service Vulnerability
[16] Cisco Catalyst Center Authorization Bypass Vulnerability