Cisco Family August 2024 First Round Security Update Advisory

Overview

Cisco (https://www.cisco.com) has released a security update that fixes vulnerabilities in its products. Users of affected systems are advised to update to the latest version.

Affected Products

Cisco Application Policy Infrastructure Controller (APIC)

Cisco NX-OS Software

Cisco NX-OS System Software in ACI Mode

Cisco Unified Computing System (Managed)

Resolved Vulnerabilities

Vulnerability in Cisco NX-OS Software due to insufficient data validation, causing the dhcp_snoop process to crash and restart multiple times (CVE-2024-20446, CVSS 8.6) [1]

Vulnerability in Cisco Application Policy Infrastructure Controller (APIC) due to a flaw in the signature validation of software images, allowing arbitrary code execution (CVE-2024-20478, CVSS 6.5) [2]

Vulnerability in Cisco NX-OS Software due to lack of validation of user input, allowing arbitrary command execution (CVE-2024-20284 and 2 others, CVSS 5.3) [3]

Vulnerability in Cisco NX-OS Software, Cisco Unified Computing System (Managed), and Cisco NX-OS System Software in ACI Mode due to insufficient data validation, allowing arbitrary command execution (CVE-2024-20289, CVSS 4.4) [4]

Vulnerability Patches

Product-specific vulnerability patches were made available in the August 28, 2024 update. Please refer to the ‘Affected Products’ and ‘Fixed Software’ sections of the product-specific information on the Referenced Sites below to apply the patches.

Referenced Sites

[1] Cisco NX-OS Software DHCPv6 Relay Agent Denial of Service Vulnerability

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-dhcp6-relay-dos-znEAA6xn

[2] Cisco Application Policy Infrastructure Controller Privilege Escalation Vulnerability

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-priv-esc-uYQJjnuU

[3] Cisco NX-OS Software Python Sandbox Escape Vulnerabilities

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-psbe-ce-YvbTn5du

[4] Cisco NX-OS Software Command Injection Vulnerability

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cmdinj-Lq6jsZhH