Sintesi

Aggiornamenti di sicurezza Cisco sanano 18 nuove vulnerabilità, di cui 11 con gravità “alta”, presenti in diversi prodotti.

Tipologia

• Denial of Service
• Security Restriction Bypass

Prodotti e/o versioni affette

Cisco

• IOS e IOS XE
• 6300 Series Embedded Services APs
• Aironet 1540 Series APs
• Aironet 1560 Series APs
• Aironet 1800 Series APs
• Aironet 2800 Series APs
• Aironet 3800 Series APs
• Aironet 4800 APs
• Business 100 Series APs and Mesh Extenders
• Business 200 Series APs
• Catalyst 6500 Series Switches with Supervisor Engine 2T or 6T
• Catalyst 6800 Series Switches with Supervisor Engine 2T or 6T
• Catalyst 9000 Series Switches
• Catalyst 9100 APs
• Catalyst 9105AX Series APs
• Catalyst 9115 Series APs
• Catalyst 9120AX Series APs
• Catalyst 9124AX Series APs
• Catalyst 9130AX Series APs
• Catalyst 9136 Series APs
• Catalyst 9800 Embedded Wireless Controller for Catalyst 9300, 9400, and 9500 Series Switches
• Catalyst 9800 Series Wireless Controllers
• Catalyst 9800-CL Wireless Controllers for Cloud
• Catalyst Cellular Gateways
• Catalyst IW6300 Heavy Duty Series APs
• DNA Traffic Telemetry Appliance
• Embedded Wireless Controller on Catalyst APs
• Ingress/egress tunnel router
• Integrated APs on 1100 Integrated Services Routers (ISRs)
• Map resolver
• Map server
• Wide Pluggable Form Factor Wi-Fi 6 AP Module for Industrial Routers

Azioni di mitigazione

In linea con le dichiarazioni del vendor, si raccomanda di applicare le mitigazioni disponibili seguendo le indicazioni riportate nei bollettini di sicurezza nella sezione Riferimenti.

Identificatori univoci vulnerabilità

Come indicato dal vendor, si riportano i soli indicatori rilevati da ricercatori esterni con gravità “alta”:

CVE-2024-20303

CVE-2024-20311

CVE-2024-20312

CVE-2024-20313

CVE-2024-20314

CVE-2024-20276

CVE-2024-20307

CVE-2024-20308

CVE-2024-20259

CVE-2024-20265

CVE-2024-20271

Riferimenti

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-mdns-dos-4hv6pBGf

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-lisp-3gYXs3qP

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-isis-sGjyOUHX

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-ospf-dos-dR9Sfrxp

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-sda-edge-dos-qZWuWXWG

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-dos-Hq4d3tZG

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ikev1-NO2ccFWz

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dhcp-dos-T3CXPO9z

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-secureboot-bypass-zT5vJkSD

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-dos-h9TGGX6W

¹La presente stima è effettuata tenendo conto di diversi parametri, tra i quali: CVSS, disponibilità di patch/workaround e PoC, diffusione dei software/dispositivi interessati nella comunità di riferimento.