Cisco Family October 2024 Secondary Security Update Advisory

Overview

Cisco (https://www.cisco.com) has released a security update that fixes vulnerabilities in its products. Users of affected systems are advised to update to the latest version.

Affected Products

Cisco Small Business RV Series Routers

Cisco Nexus Dashboard Fabric Controller (NDFC)

Cisco Nexus Dashboard Orchestrator (NDO)

Cisco Nexus Dashboard Insights

Cisco Meraki MX Firmware

Resolved Vulnerabilities

Vulnerability in the web-based management interface of Cisco Small Business RV Series Router Firmware that could allow privilege escalation from guest to administrator due to exposure of sensitive information (CVE-2024-20470, CVSS 7.2)

Logging feature vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC) and Cisco Nexus Dashboard Orchestrator (NDO) that could allow an attacker with access to technical support files to view sensitive information (CVE-2024-20490, CVSS 8.6)

Logging functionality vulnerability in Cisco Nexus Dashboard Insights that could allow an attacker with access to the technical support file to view sensitive information (CVE-2024-20491, CVSS 8.6)

Vulnerabilities in Cisco AnyConnect VPN on Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices that could allow an unauthenticated remote attacker to cause a DoS condition in the AnyConnect service on the affected device (CVE-2024-20500, CVE-2024-20502, CVSS 7.5)

Vulnerabilities in the web-based management interface on Cisco Small Business RV042, RV042G, RV320, and RV325 routers that allow an authenticated, administrator-level remote attacker to execute arbitrary code as the root user (CVE-2024-20518, CVE-2024-20519, CVE-2024-20520, CVE-2024-20521, CVSS 9.1)

Vulnerability Patches

Product-specific patches were made available in the October 02, 2024 update. To apply them, refer to the 'Affected Products' and 'Fixed Software' sections of the product-specific advisories listed under Referenced Sites below.

Referenced Sites

[1] Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Privilege Escalation and Remote Command Execution Vulnerabilities

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv34x-privesc-rce-qE33TCms

[2] Cisco Nexus Dashboard Hosted Services Information Disclosure Vulnerabilities

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndhs-idv-Bk8VqEDc

[3] Cisco Meraki MX and Z Series Teleworker Gateway AnyConnect VPN Denial of Service Vulnerabilities

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-QTRHzG2

[4] Cisco Small Business RV042, RV042G, RV320, and RV325 Routers Denial of Service and Remote Code Execution Vulnerabilities

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV