Cisco Security AdvisoryMultiple Cisco Products Snort Rate Filter Bypass Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-rf-bypass-OY8f3pnM?vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Multiple Cisco Products Snort Rate Filter Bypass Vulnerability&vs_k=1
<p>Multiple Cisco products are affected by a vulnerability in the rate filtering feature of the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured rate limiting filter. </p>
<p>This vulnerability is due to an incorrect connection count comparison. An attacker could exploit this vulnerability by sending traffic through an affected device at a rate that exceeds a configured rate filter. A successful exploit could allow the attacker to successfully bypass the rate filter. This could allow unintended traffic to enter the network protected by the affected device.</p>
<p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
<p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-rf-bypass-OY8f3pnM">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-rf-bypass-OY8f3pnM</a></p>
<p>This advisory is part of the October 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see <a href="https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300">Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication</a>.</p>
<br/>Security Impact Rating: Medium
<br/>CVE: CVE-2024-20342
Cisco Security AdvisoryTue, 2025 January 14 00:44:31 PSTCisco ThousandEyes Endpoint Agent for MacOS and RoomOS Certificate Validation Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-thousandeyes-cert-pqtJUv9N?vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco ThousandEyes Endpoint Agent for MacOS and RoomOS Certificate Validation Vulnerability&vs_k=1
<p>A vulnerability in certification validation routines of Cisco ThousandEyes Endpoint Agent for macOS and RoomOS could allow an unauthenticated, remote attacker to intercept or manipulate metrics information.</p>
<p>This vulnerability exists because the affected software does not properly validate certificates for hosted metrics services. An on-path attacker could exploit this vulnerability by intercepting network traffic using a crafted certificate. A successful exploit could allow the attacker to masquerade as a trusted host and monitor or change communications between the remote metrics service and the vulnerable client.</p>
<p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
<p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-thousandeyes-cert-pqtJUv9N">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-thousandeyes-cert-pqtJUv9N</a></p>
<br/>Security Impact Rating: Medium
<br/>CVE: CVE-2025-20126
Cisco Security AdvisoryMon, 2025 January 13 22:15:18 PSTCisco Common Services Platform Collector Cross-Site Scripting Vulnerabilities
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cspc-xss-CDOJZyH?vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco Common Services Platform Collector Cross-Site Scripting Vulnerabilities&vs_k=1
<p>Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.</p>
<p>These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit these vulnerabilities by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker must have at least a low-privileged account on an affected device.</p>
<p>There are no workarounds that address these vulnerabilities.</p>
<p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cspc-xss-CDOJZyH">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cspc-xss-CDOJZyH</a></p>
<br/>Security Impact Rating: Medium
<br/>CVE: CVE-2025-20166,CVE-2025-20167,CVE-2025-20168
Cisco Security AdvisoryWed, 2025 January 08 16:00:00 PSTCisco Crosswork Network Controller Stored Cross-Site Scripting Vulnerabilities
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xwork-xss-KCcg7WwU?vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco Crosswork Network Controller Stored Cross-Site Scripting Vulnerabilities&vs_k=1
<p>Multiple vulnerabilities in the web-based management interface of Cisco Crosswork Network Controller could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against users of the interface of an affected system.</p>
<p>These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by inserting malicious data into specific data fields in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker must have valid administrative credentials.</p>
<p>Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.</p>
<p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xwork-xss-KCcg7WwU">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xwork-xss-KCcg7WwU</a></p>
<br/>Security Impact Rating: Medium
<br/>CVE: CVE-2025-20123
Cisco Security AdvisoryWed, 2025 January 08 16:00:00 PSTCisco NX-OS Software Image Verification Bypass Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-image-sig-bypas-pQDRQvjL?vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco NX-OS Software Image Verification Bypass Vulnerability&vs_k=1
<p>A vulnerability in the bootloader of Cisco NX-OS Software could allow an unauthenticated attacker with physical access to an affected device, or an authenticated, local attacker with administrative credentials, to bypass NX-OS image signature verification. </p>
<p>This vulnerability is due to insecure bootloader settings. An attacker could exploit this vulnerability by executing a series of bootloader commands. A successful exploit could allow the attacker to bypass NX-OS image signature verification and load unverified software.</p>
<p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
<p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-image-sig-bypas-pQDRQvjL" target="_blank" rel="noopener">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-image-sig-bypas-pQDRQvjL</a></p>
<br/>Security Impact Rating: High
<br/>CVE: CVE-2024-20397
Cisco Security AdvisoryMon, 2024 December 23 22:45:07 PSTCisco Access Point Software Uncontrolled Resource Consumption Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-dos-capwap-DDMCZS4m?vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco Access Point Software Uncontrolled Resource Consumption Vulnerability&vs_k=1
<p>A vulnerability in the packet processing functionality of Cisco access point (AP) software could allow an unauthenticated, adjacent attacker to exhaust resources on an affected device. </p>
<p>This vulnerability is due to insufficient management of resources when handling certain types of traffic. An attacker could exploit this vulnerability by sending a series of specific wireless packets to an affected device. A successful exploit could allow the attacker to consume resources on an affected device. A sustained attack could lead to the disruption of the Control and Provisioning of Wireless Access Points (CAPWAP) tunnel and intermittent loss of wireless client traffic.</p>
<p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
<p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-dos-capwap-DDMCZS4m">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-dos-capwap-DDMCZS4m</a></p>
<br/>Security Impact Rating: Medium
<br/>CVE: CVE-2023-20268
Cisco Security AdvisoryThu, 2024 December 12 12:27:21 PSTCisco Adaptive Security Appliance WebVPN Login Page Cross-Site Scripting Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CVE-2014-2120?vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco Adaptive Security Appliance WebVPN Login Page Cross-Site Scripting Vulnerability&vs_k=1
<p>A vulnerability in the WebVPN login page of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of WebVPN on the Cisco ASA.<br><br>The vulnerability is due to insufficient input validation of a parameter. An attacker could exploit this vulnerability by convincing a user to access a malicious link.</p>
<br/>Security Impact Rating: Medium
<br/>CVE: CVE-2014-2120
Cisco Security AdvisoryTue, 2024 December 03 04:05:54 PSTCisco Secure Web Appliance Privilege Escalation Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-swa-priv-esc-7uHpZsCC?vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco Secure Web Appliance Privilege Escalation Vulnerability&vs_k=1
<p>A vulnerability in the CLI of Cisco AsyncOS for Secure Web Appliance could allow an authenticated, local attacker to execute arbitrary commands and elevate privileges to <em>root.</em></p>
<p>This vulnerability is due to insufficient validation of user-supplied input for the CLI. An attacker could exploit this vulnerability by authenticating to the system and executing a crafted command on the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to <em>root. </em>To successfully exploit this vulnerability, an attacker would need at least <em>guest </em>credentials.</p>
<p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
<p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-swa-priv-esc-7uHpZsCC">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-swa-priv-esc-7uHpZsCC</a></p>
<br/>Security Impact Rating: High
<br/>CVE: CVE-2024-20435
Cisco Security AdvisoryFri, 2024 November 22 17:13:56 PSTCisco IOS XR Software Bootloader Unauthenticated Information Disclosure Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-load-infodisc-9rdOr5Fq?vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco IOS XR Software Bootloader Unauthenticated Information Disclosure Vulnerability&vs_k=1
<p>A vulnerability in the GRand Unified Bootloader (GRUB) for Cisco IOS XR Software could allow an unauthenticated attacker with physical access to the device to view sensitive files on the console using the GRUB bootloader command line. </p>
<p>This vulnerability is due to the inclusion of unnecessary commands within the GRUB environment that allow sensitive files to be viewed. An attacker could exploit this vulnerability by being connected to the console port of the Cisco IOS XR device when the device is power-cycled. A successful exploit could allow the attacker to view sensitive files that could be used to conduct additional attacks against the device.</p>
<p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
<p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-load-infodisc-9rdOr5Fq">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-load-infodisc-9rdOr5Fq</a></p>
<p>This advisory is part of the March 2023 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see <a href="https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-74917">Cisco Event Response: March 2023 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication</a>.</p>
<br/>Security Impact Rating: Medium
<br/>CVE: CVE-2023-20064
Cisco Security AdvisoryWed, 2024 November 13 23:00:06 PSTCisco Nexus 3550-F Switches Access Control List Programming Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-3550-acl-bypass-mhskZc2q?vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco Nexus 3550-F Switches Access Control List Programming Vulnerability&vs_k=1
<p>A vulnerability in the access control list (ACL) programming of Cisco Nexus 3550-F Switches could allow an unauthenticated, remote attacker to send traffic that should be blocked to the management interface of an affected device. </p>
<p>This vulnerability exists because ACL deny rules are not properly enforced at the time of device reboot. An attacker could exploit this vulnerability by attempting to send traffic to the management interface of an affected device. A successful exploit could allow the attacker to send traffic to the management interface of the affected device.</p>
<p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
<p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-3550-acl-bypass-mhskZc2q">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-3550-acl-bypass-mhskZc2q</a></p>
<br/>Security Impact Rating: Medium
<br/>CVE: CVE-2024-20371
Cisco Security AdvisoryWed, 2024 November 06 16:00:00 PSTCisco 7800, 8800, and 9800 Series Phones Information Disclosure Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-infodisc-sbyqQVbG?vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco 7800, 8800, and 9800 Series Phones Information Disclosure Vulnerability&vs_k=1
<p>A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to access sensitive information on an affected device.</p>
<p>This vulnerability is due to improper storage of sensitive information within the web UI of Session Initiation Protocol (SIP)-based phone loads. An attacker could exploit this vulnerability by browsing to the IP address of a device that has Web Access enabled. A successful exploit could allow the attacker to access sensitive information, including incoming and outgoing call records.</p>
<p><strong>Note:</strong> Web Access is disabled by default.</p>
<p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
<p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-infodisc-sbyqQVbG">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-infodisc-sbyqQVbG</a></p>
<br/>Security Impact Rating: Medium
<br/>CVE: CVE-2024-20445
Cisco Security AdvisoryWed, 2024 November 06 16:00:00 PSTCisco Nexus Dashboard Fabric Controller SQL Injection Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-sqli-CyPPAxrL?vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco Nexus Dashboard Fabric Controller SQL Injection Vulnerability&vs_k=1
<p>A vulnerability in a REST API endpoint and <span class="more">web-based management interface o</span>f Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with <em>read-only</em> privileges to execute arbitrary SQL commands on an affected device.</p>
<p>This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to a specific REST API endpoint or <span class="more">web-based management interface</span>. A successful exploit could allow the attacker to read, modify, or delete arbitrary data on an internal database, which could affect the availability of the device. </p>
<p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
<p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-sqli-CyPPAxrL">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-sqli-CyPPAxrL</a><br><br></p>
<br/>Security Impact Rating: High
<br/>CVE: CVE-2024-20536
Cisco Security AdvisoryWed, 2024 November 06 16:00:00 PSTCisco 6800, 7800, 8800, and 9800 Series Phones with Multiplatform Firmware Stored Cross-Site Scripting Vulnerabilities
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mpp-xss-8tAV2TvF?vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco 6800, 7800, 8800, and 9800 Series Phones with Multiplatform Firmware Stored Cross-Site Scripting Vulnerabilities&vs_k=1
<p>Multiple vulnerabilities in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 6800, 7800, and 8800 Series, and Cisco Video Phone 8875 with Cisco Multiplatform Firmware could allow an authenticated, remote attacker to conduct stored cross-site scripting (XSS) attacks against users.</p>
<p>These vulnerabilities exist because the web UI of an affected device does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.</p>
<p><strong>Note: </strong>To exploit these vulnerabilities, Web Access must be enabled on the phone and the attacker must have <em>Admin </em>credentials on the device. Web Access is disabled by default.</p>
<p>Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.</p>
<p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mpp-xss-8tAV2TvF">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mpp-xss-8tAV2TvF</a></p>
<br/>Security Impact Rating: Medium
<br/>CVE: CVE-2024-20533,CVE-2024-20534
Cisco Security AdvisoryWed, 2024 November 06 16:00:00 PSTCisco Identity Services Engine Vulnerabilities
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-vulns-AF544ED5?vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco Identity Services Engine Vulnerabilities&vs_k=1
<p>Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to either bypass the authorization mechanisms or conduct a cross-site scripting (XSS) attack.</p>
<p>For more information about these vulnerabilities, see the <a href="#details">Details</a> section of this advisory.</p>
<p>Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.</p>
<p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-vulns-AF544ED5">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-vulns-AF544ED5</a></p>
<br/>Security Impact Rating: Medium
<br/>CVE: CVE-2024-20476,CVE-2024-20487
Cisco Security AdvisoryWed, 2024 November 06 16:00:00 PSTCisco Identity Services Engine Vulnerabilities
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-vuln-DBQdWRy?vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco Identity Services Engine Vulnerabilities&vs_k=1
<p>Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface, perform a path traversal attack, read and delete arbitrary files on an affected device, or conduct a server-side request forgery (SSRF) attack through the device.</p>
<p>For more information about these vulnerabilities, see the <a href="#details">Details</a> section of this advisory.</p>
<p>Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.</p>
<p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-vuln-DBQdWRy">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-vuln-DBQdWRy</a></p>
<br/>Security Impact Rating: Medium
<br/>CVE: CVE-2024-20525,CVE-2024-20527,CVE-2024-20528,CVE-2024-20529,CVE-2024-20530,CVE-2024-20531,CVE-2024-20532
Cisco Security AdvisoryWed, 2024 November 06 16:00:00 PSTCisco Identity Services Engine Authorization Bypass and Cross-Site Scripting Vulnerabilities
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-auth-bypass-BBRf7mkE?vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco Identity Services Engine Authorization Bypass and Cross-Site Scripting Vulnerabilities&vs_k=1
<p>Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow a remote attacker to conduct an authorization bypass attack and cross-site scripting (XSS) attacks against a user of the web-based management interface on an affected device.</p>
<p>For more information about these vulnerabilities, see the <a href="#details">Details</a> section of this advisory.</p>
<p>Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.</p>
<p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-auth-bypass-BBRf7mkE">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-auth-bypass-BBRf7mkE</a></p>
<br/>Security Impact Rating: Medium
<br/>CVE: CVE-2024-20537,CVE-2024-20538,CVE-2024-20539
Cisco Security AdvisoryWed, 2024 November 06 16:00:00 PSTCisco Unified Communications Manager IM & Presence Service Information Disclosure Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-inf-disc-cUPKuA5n?vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco Unified Communications Manager IM & Presence Service Information Disclosure Vulnerability&vs_k=1
<p>A vulnerability in the logging component of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system.</p>
<p>This vulnerability is due to the storage of unencrypted credentials in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to access sensitive information from the device.</p>
<p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
<p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-inf-disc-cUPKuA5n">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-inf-disc-cUPKuA5n</a></p>
<br/>Security Impact Rating: Medium
<br/>CVE: CVE-2024-20457
Cisco Security AdvisoryWed, 2024 November 06 16:00:00 PSTCisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance Stored Cross-Site Scripting Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-wsa-sma-xss-zYm3f49n?vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance Stored Cross-Site Scripting Vulnerability&vs_k=1
<p class="p1">A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface.</p>
<p class="p1">This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.</p>
<p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
<p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-wsa-sma-xss-zYm3f49n">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-wsa-sma-xss-zYm3f49n</a></p>
<br/>Security Impact Rating: Medium
<br/>CVE: CVE-2024-20504
Cisco Security AdvisoryWed, 2024 November 06 16:00:00 PSTCisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Stored Cross-Site Scripting Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnmpi-sxss-yyf2zkXs?vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Stored Cross-Site Scripting Vulnerability&vs_k=1
<p>A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, low-privileged, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface.</p>
<p>This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into a specific page of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. To exploit this vulnerability, the attacker must have at least a low-privileged account on an affected device.</p>
<p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
<p>This advisory is available at the following link:<br><a id="u_psirt_publication.u_public_url_link" class="web web-inline form-control-static" tabindex="0" href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnmpi-sxss-yyf2zkXs" target="_blank" rel="noopener" name="u_psirt_publication.u_public_url_link" aria-hidden="false">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnmpi-sxss-yyf2zkXs</a></p>
<br/>Security Impact Rating: Medium
<br/>CVE: CVE-2024-20514
Cisco Security AdvisoryWed, 2024 November 06 16:00:00 PSTCisco Enterprise Chat and Email Denial of Service Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-dos-Oqb9uFEv?vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco Enterprise Chat and Email Denial of Service Vulnerability&vs_k=1
<p>A vulnerability in the External Agent Assignment Service (EAAS) feature of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.</p>
<p>This vulnerability is due to insufficient validation of Media Routing Peripheral Interface Manager (MR PIM) traffic that is received by an affected device. An attacker could exploit this vulnerability by sending crafted MR PIM traffic to an affected device. A successful exploit could allow the attacker to trigger a failure on the MR PIM connection between Cisco ECE and Cisco Unified Contact Center Enterprise (CCE), leading to a DoS condition on EAAS that would prevent customers from starting chat, callback, or delayed callback sessions. <br><br><strong>Note:</strong> When the attack traffic stops, the EAAS process must be manually restarted to restore normal operation. To restart the process in the System Console, choose <strong>Shared Resources > Services > Unified CCE > EAAS</strong>, then click <strong>Start</strong>.</p>
<p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
<p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-dos-Oqb9uFEv">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-dos-Oqb9uFEv</a></p>
<br/>Security Impact Rating: High
<br/>CVE: CVE-2024-20484
Cisco Security AdvisoryWed, 2024 November 06 16:00:00 PSTCisco Unified Communications Manager Cross-Site Scripting Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-SVCkMMW?vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco Unified Communications Manager Cross-Site Scripting Vulnerability&vs_k=1
<p>A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.</p>
<p>This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.</p>
<p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
<p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-SVCkMMW">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-SVCkMMW</a></p>
<br/>Security Impact Rating: Medium
<br/>CVE: CVE-2024-20511
Cisco Security AdvisoryWed, 2024 November 06 16:00:00 PSTCisco Meeting Management Information Disclosure Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmm-info-disc-9ZEMAhGA?vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco Meeting Management Information Disclosure Vulnerability&vs_k=1
<p>A vulnerability in the logging subsystem of Cisco Meeting Management could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system.</p>
<p>This vulnerability is due to improper storage of sensitive information within the web-based management interface of an affected device. An attacker could exploit this vulnerability by logging in to the web-based management interface. A successful exploit could allow the attacker to view sensitive data that is stored on the affected device.</p>
<p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
<p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmm-info-disc-9ZEMAhGA">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmm-info-disc-9ZEMAhGA</a></p>
<br/>Security Impact Rating: Medium
<br/>CVE: CVE-2024-20507
Cisco Security AdvisoryWed, 2024 November 06 16:00:00 PSTCisco Unified Contact Center Management Portal Stored Cross-Site Scripting Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ccmp-sxss-qBTDBZDD?vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco Unified Contact Center Management Portal Stored Cross-Site Scripting Vulnerability&vs_k=1
<p>A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) could allow an authenticated, remote attacker with low privileges to conduct a stored cross-site scripting (XSS) attack against a user of the interface.</p>
<p>This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into a specific page of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. To exploit this vulnerability, the attacker must have at least a Supervisor role on an affected device.</p>
<p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
<p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ccmp-sxss-qBTDBZDD">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ccmp-sxss-qBTDBZDD</a></p>
<br/>Security Impact Rating: Medium
<br/>CVE: CVE-2024-20540
Cisco Security AdvisoryWed, 2024 November 06 16:00:00 PSTCisco Unified Industrial Wireless Software for Ultra-Reliable Wireless Backhaul Access Point Command Injection Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-backhaul-ap-cmdinj-R7E28Ecs?vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco Unified Industrial Wireless Software for Ultra-Reliable Wireless Backhaul Access Point Command Injection Vulnerability&vs_k=1
<p>A vulnerability in the web-based management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points could allow an unauthenticated, remote attacker to perform command injection attacks with <em>root</em> privileges on the underlying operating system.</p>
<p>This vulnerability is due to improper validation of input to the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with <em>root</em> privileges on the underlying operating system of the affected device.</p>
<p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
<p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-backhaul-ap-cmdinj-R7E28Ecs">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-backhaul-ap-cmdinj-R7E28Ecs</a></p>
<br/>Security Impact Rating: Critical
<br/>CVE: CVE-2024-20418
Cisco Security AdvisoryWed, 2024 November 06 16:00:00 PSTCisco Adaptive Security Appliance and Firepower Threat Defense Software AnyConnect Access Control List Bypass Vulnerabilities
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-acl-bypass-VvnLNKqf?vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco Adaptive Security Appliance and Firepower Threat Defense Software AnyConnect Access Control List Bypass Vulnerabilities&vs_k=1
<p>Multiple vulnerabilities in the AnyConnect firewall for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access control list (ACL) and allow traffic that should have been denied to flow through an affected device.</p>
<p>These vulnerabilities are due to a logic error in populating group ACLs when an AnyConnect client establishes a new session toward an affected device. An attacker could exploit these vulnerabilities by establishing an AnyConnect connection to the affected device. A successful exploit could allow the attacker to bypass configured ACL rules.</p>
<p>Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.</p>
<p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-acl-bypass-VvnLNKqf">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-acl-bypass-VvnLNKqf</a></p>
<p>This advisory is part of the October 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see <a href="https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300">Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication</a>.</p>
<br/>Security Impact Rating: Medium
<br/>CVE: CVE-2024-20297,CVE-2024-20299
Cisco Security AdvisoryThu, 2024 October 24 21:19:17 PDTCisco Secure Firewall Management Center Software Cross-Site Scripting and Information Disclosure Vulnerabilities
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-infodisc-RL4mJFer?vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco Secure Firewall Management Center Software Cross-Site Scripting and Information Disclosure Vulnerabilities&vs_k=1
<p>Multiple vulnerabilities in Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an attacker to conduct cross-site scripting (XSS) attacks or access unauthorized information on an affected device. </p>
<p>For more information about these vulnerabilities, see the <a href="#details">Details</a> section of this advisory.</p>
<p>Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.</p>
<p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-infodisc-RL4mJFer">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-infodisc-RL4mJFer</a></p>
<p>This advisory is part of the October 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see <a href="https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300">Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication</a>.</p>
<br/>Security Impact Rating: Medium
<br/>CVE: CVE-2024-20377,CVE-2024-20387,CVE-2024-20388
Cisco Security AdvisoryThu, 2024 October 24 11:52:38 PDTCisco ATA 190 Series Analog Telephone Adapter Firmware Vulnerabilities
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multi-RDTEqRsy?vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco ATA 190 Series Analog Telephone Adapter Firmware Vulnerabilities&vs_k=1
<p>Multiple vulnerabilities in Cisco ATA 190 Series Analog Telephone Adapter firmware, both on-premises and multiplatform, could allow a remote attacker to delete or change the configuration, execute commands as the <em>root</em> user, <span class="more">conduct a cross-site scripting (XSS) attack against a user of the interface</span>, view passwords, conduct a cross-site request forgery (CSRF) attack, or reboot the device.</p>
<p>For more information about these vulnerabilities, see the <a href="#details">Details</a> section of this advisory. </p>
<p>Cisco has released firmware updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. However, there is a mitigation that addresses some of these vulnerabilities for Cisco ATA 191 on-premises firmware only.</p>
<p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multi-RDTEqRsy">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multi-RDTEqRsy</a></p>
<br/>Security Impact Rating: High
<br/>CVE: CVE-2024-20420,CVE-2024-20421,CVE-2024-20458,CVE-2024-20459,CVE-2024-20460,CVE-2024-20461,CVE-2024-20462,CVE-2024-20463
Cisco Security AdvisoryThu, 2024 October 24 11:47:37 PDTCisco Adaptive Security Appliance and Firepower Threat Defense Software TLS Denial of Service Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-tls-CWY6zXB?vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco Adaptive Security Appliance and Firepower Threat Defense Software TLS Denial of Service Vulnerability&vs_k=1
<p>A vulnerability in the TLS cryptography functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.</p>
<p>This vulnerability is due to improper data validation during the TLS 1.3 handshake. An attacker could exploit this vulnerability by sending a crafted TLS 1.3 packet to an affected system through a TLS 1.3-enabled listening socket. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.</p>
<p><strong>Note:</strong> This vulnerability can also impact the integrity of a device by causing VPN HostScan communication failures or file transfer failures when Cisco ASA Software is upgraded using Cisco Adaptive Security Device Manager (ASDM).</p>
<p>Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.</p>
<p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-tls-CWY6zXB">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-tls-CWY6zXB</a></p>
<p>This advisory is part of the October 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see <a href="https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300">Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication</a>.</p>
<br/>Security Impact Rating: High
<br/>CVE: CVE-2024-20494
Cisco Security AdvisoryWed, 2024 October 23 23:00:00 PDTCisco Firepower Threat Defense Software and Cisco FirePOWER Services TCP/IP Traffic with Snort 2 and Snort 3 Denial of Service Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sa-ftd-snort-fw-BCJTZPMu?vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco Firepower Threat Defense Software and Cisco FirePOWER Services TCP/IP Traffic with Snort 2 and Snort 3 Denial of Service Vulnerability&vs_k=1
<p>A vulnerability in the TCP/IP traffic handling function of the Snort Detection Engine of Cisco Firepower Threat Defense (FTD) Software and Cisco FirePOWER Services could allow an unauthenticated, remote attacker to cause legitimate network traffic to be dropped, resulting in a denial of service (DoS) condition.</p>
<p>This vulnerability is due to the improper handling of TCP/IP network traffic. An attacker could exploit this vulnerability by sending a large amount of TCP/IP network traffic through the affected device. A successful exploit could allow the attacker to cause the Cisco FTD device to drop network traffic, resulting in a DoS condition. The affected device must be rebooted to resolve the DoS condition.</p>
<p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
<p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sa-ftd-snort-fw-BCJTZPMu" rel="nofollow">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sa-ftd-snort-fw-BCJTZPMu</a></p>
<p>This advisory is part of the October 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see <a href="https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300" rel="nofollow">Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication</a>.</p>
<br/>Security Impact Rating: High
<br/>CVE: CVE-2024-20351
Cisco Security AdvisoryWed, 2024 October 23 23:00:00 PDTCisco Firepower Threat Defense Software for Cisco Firepower 2100 Series Appliances TCP UDP Snort 2 and Snort 3 Denial of Service Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd2100-snort-dos-M9HuMt75?vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco Firepower Threat Defense Software for Cisco Firepower 2100 Series Appliances TCP UDP Snort 2 and Snort 3 Denial of Service Vulnerability&vs_k=1
<p>A vulnerability in the Snort 2 and Snort 3 TCP and UDP detection engine of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Appliances could allow an unauthenticated, remote attacker to cause memory corruption, which could cause the Snort detection engine to restart unexpectedly.</p>
<p>This vulnerability is due to improper memory management when the Snort detection engine processes specific TCP or UDP packets. An attacker could exploit this vulnerability by sending crafted TCP or UDP packets through a device that is inspecting traffic using the Snort detection engine. A successful exploit could allow the attacker to restart the Snort detection engine repeatedly, which could cause a denial of service (DoS) condition. The DoS condition impacts only the traffic through the device that is examined by the Snort detection engine. The device can still be managed over the network.</p>
<p><strong>Note: </strong>Once a memory block is corrupted, it cannot be cleared until the Cisco Firepower 2100 Series Appliance is manually reloaded. This means that the Snort detection engine could crash repeatedly, causing traffic that is processed by the Snort detection engine to be dropped until the device is manually reloaded.</p>
<p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
<p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd2100-snort-dos-M9HuMt75">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd2100-snort-dos-M9HuMt75</a></p>
<p>This advisory is part of the October 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see <a href="https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300">Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication</a>.</p>
<br/>Security Impact Rating: High
<br/>CVE: CVE-2024-20330
Cisco Security AdvisoryWed, 2024 October 23 23:00:00 PDTCisco Firepower Threat Defense Software Vulnerability Database with Snort Detection Engine Security Policy Bypass and Denial of Service Issue
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-vdb-snort-djj4cnbR?vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco Firepower Threat Defense Software Vulnerability Database with Snort Detection Engine Security Policy Bypass and Denial of Service Issue&vs_k=1
<p>An issue with a Cisco Vulnerability Database (VDB) release for Cisco Firepower Threat Defense (FTD) Software could cause the Snort detection engine to restart unexpectedly when inspecting traffic. While the Snort detection engine is restarting, traffic could bypass Snort inspection or be dropped, depending on the device configuration. For more information, see the <a href="#details">Details</a> section of this advisory.</p>
<p>The Snort 2 and Snort 3 detection engines are both affected. The Snort detection engine will restart automatically. No manual intervention is required.</p>
<p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-vdb-snort-djj4cnbR">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-vdb-snort-djj4cnbR</a></p>
<p>This advisory is part of the October 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see <a href="https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300">Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication</a>.</p>
<br/>Security Impact Rating: Informational
Cisco Security AdvisoryWed, 2024 October 23 23:00:00 PDTCisco Firepower Threat Defense Software for Firepower 1000, 2100, 3100, and 4200 Series Static Credential Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-statcred-dFC8tXT5?vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco Firepower Threat Defense Software for Firepower 1000, 2100, 3100, and 4200 Series Static Credential Vulnerability&vs_k=1
<p>A vulnerability in Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000, 2100, 3100, and 4200 Series could allow an unauthenticated, local attacker to access an affected system using static credentials.</p>
<p>This vulnerability is due to the presence of static accounts with hard-coded passwords on an affected system. An attacker could exploit this vulnerability by logging in to the CLI of an affected device with these credentials. A successful exploit could allow the attacker to access the affected system and retrieve sensitive information, perform limited troubleshooting actions, modify some configuration options, or render the device unable to boot to the operating system, requiring a reimage of the device.</p>
<p>Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.</p>
<p>This advisory is available at the following link:<br><a id="u_psirt_publication.u_public_url_link" class="web web-inline form-control-static" tabindex="0" href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-statcred-dFC8tXT5" target="_blank" rel="noopener" name="u_psirt_publication.u_public_url_link" aria-hidden="false">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-statcred-dFC8tXT5</a></p>
<p>This advisory is part of the October 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see <a href="https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300">Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication</a>.</p>
<br/>Security Impact Rating: Critical
<br/>CVE: CVE-2024-20412
Cisco Security AdvisoryWed, 2024 October 23 23:00:00 PDTCisco Firepower Threat Defense Software Geolocation ACL Bypass Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-geoip-bypass-MB4zRDu?vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco Firepower Threat Defense Software Geolocation ACL Bypass Vulnerability&vs_k=1
<p>A vulnerability in the geolocation access control feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass an access control policy.</p>
<p>This vulnerability is due to improper assignment of geolocation data. An attacker could exploit this vulnerability by sending traffic through an affected device. A successful exploit could allow the attacker to bypass a geolocation-based access control policy and successfully send traffic to a protected device.</p>
<p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
<p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-geoip-bypass-MB4zRDu">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-geoip-bypass-MB4zRDu</a></p>
<p>This advisory is part of the October 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see <a href="https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300">Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication</a>.</p>
<br/>Security Impact Rating: Medium
<br/>CVE: CVE-2024-20431
Cisco Security AdvisoryWed, 2024 October 23 23:00:00 PDTCisco Secure Firewall Management Center Software Cross-Site Scripting Vulnerabilities
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-dhJxQYZs?vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco Secure Firewall Management Center Software Cross-Site Scripting Vulnerabilities&vs_k=1
<p>Multiple vulnerabilities in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device.<br> <br>These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.</p>
<p>Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.</p>
<p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-dhJxQYZs">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-dhJxQYZs</a></p>
<p>This advisory is part of the October 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see <a href="https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300">Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication</a>.</p>
<br/>Security Impact Rating: Medium
<br/>CVE: CVE-2024-20264,CVE-2024-20269,CVE-2024-20273,CVE-2024-20298,CVE-2024-20300,CVE-2024-20364,CVE-2024-20372,CVE-2024-20386,CVE-2024-20403,CVE-2024-20409,CVE-2024-20410,CVE-2024-20415
Cisco Security AdvisoryWed, 2024 October 23 23:00:00 PDTCisco Secure Firewall Management Center Software SQL Injection Vulnerabilities
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-sql-inj-LOYAFcfq?vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco Secure Firewall Management Center Software SQL Injection Vulnerabilities&vs_k=1
<p>Multiple vulnerabilities in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.</p>
<p>These vulnerabilities exist because the web-based management interface does not validate user input adequately. An attacker could exploit these vulnerabilities by authenticating to the application as an <em>Administrator</em> and sending crafted SQL queries to an affected system. A successful exploit could allow the attacker to obtain unauthorized data from the database and make changes to the system. To exploit these vulnerabilities, an attacker would need <em>Administrator</em>-level privileges.</p>
<p>Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.</p>
<p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-sql-inj-LOYAFcfq">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-sql-inj-LOYAFcfq</a></p>
<p>This advisory is part of the October 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see <a href="https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300">Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication</a>.</p>
<br/>Security Impact Rating: Medium
<br/>CVE: CVE-2024-20471,CVE-2024-20472,CVE-2024-20473
Cisco Security AdvisoryWed, 2024 October 23 23:00:00 PDTCisco Secure Firewall Management Center Software Arbitrary File Read Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-file-read-5q4mQRn?vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco Secure Firewall Management Center Software Arbitrary File Read Vulnerability&vs_k=1
<p>A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to read arbitrary files from the underlying operating system.</p>
<p>This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to read arbitrary files on the underlying operating system of the affected device. The attacker would need valid user credentials to exploit this vulnerability.</p>
<p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
<p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-file-read-5q4mQRn">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-file-read-5q4mQRn</a></p>
<p>This advisory is part of the October 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see <a href="https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300">Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication</a>.</p>
<br/>Security Impact Rating: Medium
<br/>CVE: CVE-2024-20379
Cisco Security AdvisoryWed, 2024 October 23 23:00:00 PDTCisco Secure Firewall Management Center Software Command Injection Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inj-v3AWDqN7?vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco Secure Firewall Management Center Software Command Injection Vulnerability&vs_k=1
<p>A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system as <em>root</em>.</p>
<p>This vulnerability is due to insufficient input validation of certain HTTP requests. An attacker could exploit this vulnerability by authenticating to the web-based management interface of an affected device and then sending a crafted HTTP request to the device. A successful exploit could allow the attacker to execute arbitrary commands with <em>root</em> permissions on the underlying operating system of the Cisco FMC device or to execute commands on managed Cisco Firepower Threat Defense (FTD) devices. To exploit this vulnerability, the attacker would need valid credentials for a user account with at least the role of <em>Security Analyst (Read Only)</em>.</p>
<p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
<p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inj-v3AWDqN7">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inj-v3AWDqN7</a></p>
<p>This advisory is part of the October 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see <a href="https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300">Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication</a>.</p>
<br/>Security Impact Rating: Critical
<br/>CVE: CVE-2024-20424
Cisco Security AdvisoryWed, 2024 October 23 23:00:00 PDTCisco Secure Firewall Management Center Software Cluster Backup Command Injection Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inj-g8AOKnDP?vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco Secure Firewall Management Center Software Cluster Backup Command Injection Vulnerability&vs_k=1
<p>A vulnerability in the cluster backup feature of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system.</p>
<p>This vulnerability is due to insufficient validation of user data that is supplied through the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to execute arbitrary operating system commands on the affected device. To exploit this vulnerability, an attacker would need valid credentials for a user account with at least the role of Network Administrator. In addition, the attacker would need to persuade a legitimate user to initiate a cluster backup on the affected device.</p>
<p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
<p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inj-g8AOKnDP">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inj-g8AOKnDP</a></p>
<p>This advisory is part of the October 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see <a href="https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300">Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication</a>.</p>
<br/>Security Impact Rating: Medium
<br/>CVE: CVE-2024-20275
Cisco Security AdvisoryWed, 2024 October 23 23:00:00 PDTCisco Adaptive Security Appliance and Firepower Threat Defense Software VPN Web Client Services Cross-Site Scripting Vulnerabilities
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-xss-yjj7ZjVq?vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco Adaptive Security Appliance and Firepower Threat Defense Software VPN Web Client Services Cross-Site Scripting Vulnerabilities&vs_k=1
<p>Multiple vulnerabilities in the VPN web client services feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated<span style="text-decoration: underline;">,</span> remote attacker to conduct a cross-site scripting (XSS) attack against a browser that is accessing an affected device.</p>
<p>These vulnerabilities are due to improper validation of user-supplied input to application endpoints. An attacker could exploit these vulnerabilities by persuading a user to follow a link designed to submit malicious input to the affected application. A successful exploit could allow the attacker to execute arbitrary HTML or script code in the browser in the context of the web services page. </p>
<p>Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.</p>
<p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-xss-yjj7ZjVq">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-xss-yjj7ZjVq</a></p>
<p>This advisory is part of the October 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see <a href="https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300">Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication</a>.</p>
<br/>Security Impact Rating: Medium
<br/>CVE: CVE-2024-20341,CVE-2024-20382
Cisco Security AdvisoryWed, 2024 October 23 23:00:00 PDTCisco Adaptive Security Appliance and Firepower Threat Defense Software SSL VPN Memory Management Denial of Service Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-dos-hOnB9pH4?vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco Adaptive Security Appliance and Firepower Threat Defense Software SSL VPN Memory Management Denial of Service Vulnerability&vs_k=1
<p>A vulnerability in the SSL VPN feature for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition.</p>
<p>This vulnerability is due to a logic error in memory management when the device is handling SSL VPN connections. An attacker could exploit this vulnerability by sending crafted SSL/TLS packets to the SSL VPN server of the affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.</p>
<p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
<p>This advisory is available at the following link:<br><a id="u_psirt_publication.u_public_url_link" class="web web-inline form-control-static" tabindex="0" href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-dos-hOnB9pH4" target="_blank" rel="noopener" name="u_psirt_publication.u_public_url_link" aria-hidden="false">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-dos-hOnB9pH4</a></p>
<p>This advisory is part of the October 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see <a href="https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300">Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication</a>.</p>
<br/>Security Impact Rating: High
<br/>CVE: CVE-2024-20402
Cisco Security AdvisoryWed, 2024 October 23 23:00:00 PDTCisco Adaptive Security Appliance and Firepower Threat Defense Software Persistent Local Code Execution Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-persist-lce-vU3ekMJ3?vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco Adaptive Security Appliance and Firepower Threat Defense Software Persistent Local Code Execution Vulnerability&vs_k=1
<p>A vulnerability in the VPN web server of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code with <em>root</em>-level privileges. <em>Administrator</em>-level privileges are required to exploit this vulnerability.</p>
<p>This vulnerability is due to improper validation of a specific file when it is read from system flash memory. An attacker could exploit this vulnerability by restoring a crafted backup file to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the affected device after the next reload of the device, which could alter system behavior. Because the injected code could persist across device reboots, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High.</p>
<p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
<p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-persist-lce-vU3ekMJ3">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-persist-lce-vU3ekMJ3</a></p>
<p>This advisory is part of the October 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see <a href="https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300">Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication</a>.</p>
<br/>Security Impact Rating: High
<br/>CVE: CVE-2024-20485
Cisco Security AdvisoryWed, 2024 October 23 23:00:00 PDTCisco Adaptive Security Appliance and Firepower Threat Defense Software Dynamic Access Policies Denial of Service Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-dap-dos-bhEkP7n?vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco Adaptive Security Appliance and Firepower Threat Defense Software Dynamic Access Policies Denial of Service Vulnerability&vs_k=1
<p>A vulnerability in the Dynamic Access Policies (DAP) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause an affected device to reload unexpectedly. To exploit this vulnerability, an attacker would need valid remote access VPN user credentials on the affected device.</p>
<p>This vulnerability is due to improper validation of data in HTTPS POST requests. An attacker could exploit this vulnerability by sending a crafted HTTPS POST request to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition.</p>
<p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
<p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-dap-dos-bhEkP7n">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-dap-dos-bhEkP7n</a></p>
<p>This advisory is part of the October 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see <a href="https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300">Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication</a>.</p>
<br/>Security Impact Rating: High
<br/>CVE: CVE-2024-20408
Cisco Security AdvisoryWed, 2024 October 23 23:00:00 PDTCisco Adaptive Security Appliance and Firepower Threat Defense Software Remote Access VPN Brute Force Denial of Service Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-bf-dos-vDZhLqrW?vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco Adaptive Security Appliance and Firepower Threat Defense Software Remote Access VPN Brute Force Denial of Service Vulnerability&vs_k=1
<p>A vulnerability in the Remote Access VPN (RAVPN) service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of the RAVPN service.</p>
<p>This vulnerability is due to resource exhaustion. An attacker could exploit this vulnerability by sending a large number of VPN authentication requests to an affected device. A successful exploit could allow the attacker to exhaust resources, resulting in a DoS of the RAVPN service on the affected device. Depending on the impact of the attack, a reload of the device may be required to restore the RAVPN service. Services that are not related to VPN are not affected.</p>
<p>Cisco Talos discussed these attacks in the blog post <a href="https://blog.talosintelligence.com/large-scale-brute-force-activity-targeting-vpns-ssh-services-with-commonly-used-login-credentials/" target="_blank" rel="noopener">Large-scale brute-force activity targeting VPNs, SSH services with commonly used login credentials</a>.</p>
<p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
<p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-bf-dos-vDZhLqrW">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-bf-dos-vDZhLqrW</a></p>
<p>This advisory is part of the October 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see <a href="https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300">Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication</a>.</p>
<br/>Security Impact Rating: Medium
<br/>CVE: CVE-2024-20481
Cisco Security AdvisoryWed, 2024 October 23 23:00:00 PDTCisco Adaptive Security Appliance and Firepower Threat Defense Software Remote Access SSL VPN Authentication Targeted Denial of Service Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-vpn-nyH3fhp?vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco Adaptive Security Appliance and Firepower Threat Defense Software Remote Access SSL VPN Authentication Targeted Denial of Service Vulnerability&vs_k=1
<p>A vulnerability in the session authentication functionality of the Remote Access SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to prevent users from authenticating.</p>
<p>This vulnerability is due to insufficient entropy in the authentication process. An attacker could exploit this vulnerability by determining the handle of an authenticating user and using it to terminate their authentication session. A successful exploit could allow the attacker to force a user to restart the authentication process, preventing a legitimate user from establishing remote access VPN sessions.</p>
<p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
<p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-vpn-nyH3fhp">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-vpn-nyH3fhp</a></p>
<p>This advisory is part of the October 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see <a href="https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300">Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication</a>.</p>
<br/>Security Impact Rating: Medium
<br/>CVE: CVE-2024-20331
Cisco Security AdvisoryWed, 2024 October 23 23:00:00 PDTCisco Adaptive Security Appliance and Firepower Threat Defense Software Remote Access SSL VPN Authentication Targeted Denial of Service Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-vpn-4gYEWMKg?vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco Adaptive Security Appliance and Firepower Threat Defense Software Remote Access SSL VPN Authentication Targeted Denial of Service Vulnerability&vs_k=1
<p>A vulnerability in the login authentication functionality of the Remote Access SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to deny further VPN user authentications for several minutes, resulting in a temporary denial of service (DoS) condition.</p>
<p>This vulnerability is due to ineffective handling of memory resources during the authentication process. An attacker could exploit this vulnerability by sending crafted packets, which could cause resource exhaustion of the authentication process. A successful exploit could allow the attacker to deny authentication for Remote Access SSL VPN users for several minutes, resulting in a temporary DoS condition.</p>
<p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
<p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-vpn-4gYEWMKg">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-vpn-4gYEWMKg</a></p>
<p>This advisory is part of the October 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see <a href="https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300">Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication</a>.</p>
<br/>Security Impact Rating: Medium
<br/>CVE: CVE-2024-20493
Cisco Security AdvisoryWed, 2024 October 23 23:00:00 PDTCisco Adaptive Security Appliance and Firepower Threat Defense Software FXOS CLI Root Privilege Escalation Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-priv-esc-hBS9gnwq?vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco Adaptive Security Appliance and Firepower Threat Defense Software FXOS CLI Root Privilege Escalation Vulnerability&vs_k=1
<div>A vulnerability in the Cisco FXOS CLI feature on specific hardware platforms for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to elevate their administrative privileges to <em>root</em>. The attacker would need valid administrative credentials on the device to exploit this vulnerability. </div>
<div> </div>
<div>This vulnerability exists because certain system configurations and executable files have insecure storage and permissions. An attacker could exploit this vulnerability by authenticating on the device and then performing a series of steps that includes downloading malicious system files and accessing the Cisco FXOS CLI to configure the attack. A successful exploit could allow the attacker to obtain <em>root</em> access on the device.</div>
<div>
</div>
<p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
<p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-priv-esc-hBS9gnwq">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-priv-esc-hBS9gnwq</a></p>
<p>This advisory is part of the October 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see <a href="https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300">Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication</a>.</p>
<br/>Security Impact Rating: Medium
<br/>CVE: CVE-2024-20370
Cisco Security AdvisoryWed, 2024 October 23 16:00:00 PDTCisco Adaptive Security Appliance and Firepower Threat Defense Software IKEv2 VPN Denial of Service Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ikev2-dos-9FgEyHsF?vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco Adaptive Security Appliance and Firepower Threat Defense Software IKEv2 VPN Denial of Service Vulnerability&vs_k=1
<p>A vulnerability in the Internet Key Exchange version 2 (IKEv2) protocol for VPN termination of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.</p>
<p>This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted IKEv2 traffic to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.</p>
<p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
<p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ikev2-dos-9FgEyHsF">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ikev2-dos-9FgEyHsF</a></p>
<p>This advisory is part of the October 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see <a href="https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300">Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication</a>.</p>
<br/>Security Impact Rating: High
<br/>CVE: CVE-2024-20426
Cisco Security AdvisoryWed, 2024 October 23 16:00:00 PDTCisco Adaptive Security Appliance and Firepower Threat Defense Software Remote Access VPN Denial of Service Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-vpn-cZf8gT?vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco Adaptive Security Appliance and Firepower Threat Defense Software Remote Access VPN Denial of Service Vulnerability&vs_k=1
<p>A vulnerability in the Remote Access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition on an affected device.</p>
<p>This vulnerability is due to improper validation of client key data after the TLS session is established. An attacker could exploit this vulnerability by sending a crafted key value to an affected system over the secure TLS session. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.</p>
<p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
<p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-vpn-cZf8gT">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-vpn-cZf8gT</a></p>
<section class="bdl_text" data-bdl-txt="ASA Bundle: Summary ERP">
<p>This advisory is part of the October 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see <a href="https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300">Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication</a>.</p>
</section>
<br/>Security Impact Rating: High
<br/>CVE: CVE-2024-20495
Cisco Security AdvisoryWed, 2024 October 23 16:00:00 PDTCisco Adaptive Security Appliance Software SSH Remote Command Injection Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssh-rce-gRAuPEUF?vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco Adaptive Security Appliance Software SSH Remote Command Injection Vulnerability&vs_k=1
<p>A vulnerability in the SSH subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to execute operating system commands as <em>root</em>.</p>
<p>This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by submitting crafted input when executing remote CLI commands over SSH. A successful exploit could allow the attacker to execute commands on the underlying operating system with <em>root</em>-level privileges. An attacker with limited user privileges could use this vulnerability to gain complete control over the system.</p>
<p>Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.</p>
<p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssh-rce-gRAuPEUF">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssh-rce-gRAuPEUF</a></p>
<p>This advisory is part of the October 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see <a href="https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300">Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication</a>.</p>
<br/>Security Impact Rating: Critical
<br/>CVE: CVE-2024-20329
Cisco Security AdvisoryWed, 2024 October 23 16:00:00 PDTCisco Adaptive Security Appliance Software SSH Server Resource Denial of Service Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssh-dos-eEDWu5RM?vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco Adaptive Security Appliance Software SSH Server Resource Denial of Service Vulnerability&vs_k=1
<p>A vulnerability in the SSH server of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition for the SSH server of an affected device.</p>
<p>This vulnerability is due to a logic error when an SSH session is established. An attacker could exploit this vulnerability by sending crafted SSH messages to an affected device. A successful exploit could allow the attacker to exhaust available SSH resources on the affected device so that new SSH connections to the device are denied, resulting in a DoS condition. Existing SSH connections to the device would continue to function normally. The device must be rebooted manually to recover. However, user traffic would not be impacted and could be managed using a remote application such as Cisco Adaptive Security Device Manager (ASDM).</p>
<p>Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.</p>
<p>This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssh-dos-eEDWu5RM">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssh-dos-eEDWu5RM</a></p>
<p>This advisory is part of the October 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see <a href="https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300">Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication</a>.</p>
<br/>Security Impact Rating: Medium
<br/>CVE: CVE-2024-20526
Cisco Security AdvisoryWed, 2024 October 23 16:00:00 PDT