Cisco informuje o nowych podatnościach. (P24-103)

cert.pse-online.pl 1 miesiąc temu

27 marca 2024 r. firma Cisco opublikowała porady dotyczące bezpieczeństwa dotyczące luk w zabezpieczeniach wielu produktów. Uwzględniono aktualizacje następujących elementów:

Cisco IOS – wiele wersji i platform

Cisco IOS XE – wiele wersji i platform

Cisco Access Points – wiele wersji i platform

Cisco Switches – wiele wersji i platform

Cisco SD-Access fabric edge node – wiele wersji i platform

Opis/Link	Krytyczność	CVE ID
Cisco IOS XE Software Unified Threat Defense Command Injection Vulnerability	Średnia	CVE-2024-20306
Cisco IOS XE Software for Wireless LAN Controllers Multicast DNS Denial of Service Vulnerability	Wysoka	CVE-2024-20303
Cisco IOS and IOS XE Software Locator ID Separation Protocol Denial of Service Vulnerability	Wysoka	CVE-2024-20311
Cisco IOS and IOS XE Software Intermediate System-to-Intermediate System Denial of Service Vulnerability	Wysoka	CVE-2024-20312
Cisco IOS XE Software OSPFv2 Denial of Service Vulnerability	Wysoka	CVE-2024-20313
Cisco IOS XE Software SD-Access Fabric Edge Node Denial of Service Vulnerability	Wysoka	CVE-2024-20314
Cisco IOS Software for Catalyst 6000 Series Switches Denial of Service Vulnerability	Wysoka	CVE-2024-20276
Cisco IOS and IOS XE Software Internet Key Exchange Version 1 Fragmentation Denial of Service Vulnerabilities	Wysoka	CVE-2024-20307
	Wysoka	CVE-2024-20308
Cisco IOS XE Software DHCP Snooping with Endpoint Analytics Denial of Service Vulnerability	Wysoka	CVE-2024-20259
Cisco Access Point Software Secure Boot Bypass Vulnerability	Wysoka	CVE-2024-20265
Cisco Access Point Software Denial of Service Vulnerability	Wysoka	CVE-2024-20271
Cisco IOS XE Software for Wireless LAN Controllers Privilege Escalation Vulnerability	Średnia	CVE-2024-20324
Cisco IOS XE Software Privilege Escalation Vulnerability	Średnia	CVE-2024-20278
Cisco IOS XE Software NETCONF/RESTCONF IPv4 Access Control List Bypass Vulnerability	Średnia	CVE-2024-20316
Cisco Catalyst Center Authorization Bypass Vulnerability	Średnia	CVE-2024-20333
Cisco IOS XE Software Auxiliary Asynchronous Port Denial of Service Vulnerability	Średnia	CVE-2024-20309
Cisco Aironet Access Point Software Resource Exhaustion Denial of Service Vulnerability	Średnia	CVE-2024-20354