Cisco Family February 2024 First Security Update Advisory
Overview
Cisco(https://www.cisco.com) has released a security update that fixes vulnerabilities in products it has been made. Users of affected systems are advised to update to the latest version.
Affected Products
Cisco NX-OS Software
Cisco Unified Computing System (Managed)
Resolved Vulnerabilities
Vulnerability in Cisco NX-OS Software due to lack of proper error checking when processing incoming MPLS frames, which could result in a denial of service (CVE-2024-20267, CVSS 8.6) [1]
Vulnerability in Cisco NX-OS Software where eBGP traffic can cause ebgp neighbor sessions to be dropped due to a shared hardware rate limiter queue (CVE-2024-20321, CVSS 8.6) [2]
Vulnerability in Cisco NX-OS Software that occurs when the configuration of a port-channel member port is changed, allowing access to network resources that should be protected by an ACL applied to a port-channel subinterface due to incorrect hardware programming (CVE-2024-20291, CVSS 5.8) [3]
Vulnerability in Cisco Unified Computing System (Managed) that causes a device console UI process crash due to insufficient rate limiting of TCP connections to an affected device (CVE-2024-20344, CVSS 5.3) [4]
Vulnerability Patches
Product-specific vulnerability patches were made available in the 02/28/2024 update. Please refer to “Affected Products” and “Fixed Software” in the product-specific information in the reference site below to apply the patches.
Referenced Sites
[1] Cisco NX-OS Software MPLS Encapsulated IPv6 Denial of Service Vulnerability
[2] Cisco NX-OS Software External Border Gateway Protocol Denial of Service Vulnerability
[3] Cisco Nexus 3000 and 9000 Series Switches Port Channel ACL Programming Vulnerability
[4] Cisco UCS 6400 and 6500 Series Fabric Interconnects Intersight Managed Mode Denial of Service Vulnerability