CSIRT Toscana

Vulnerabilities fixed in Cisco products (AL02/240926/CSIRT-ITA)

Date:
26 September 2024 08:20

Summary

Security updates fix several new vulnerabilities, 8 of which are rated "high" severity, in some Cisco products.

Risk

Estimated impact of the vulnerability on the reference community: MEDIUM/YELLOW (64.87/100)1.

Type

  • Remote Code Execution
  • Denial of Service
  • Spoofing
  • Information Leakage

Affected products and/or versions

Cisco

  • IOS XE
  • IOS
  • Catalyst SD-WAN Routers
  • Catalyst Center

Mitigation actions

It is recommended to update the vulnerable products by following the instructions provided by the vendor for each affected product, as reported in the security bulletins available at the links in the References section.

Unique vulnerability identifiers

Only the CVEs relating to the vulnerabilities rated "high" severity are listed below:

  • CVE-2024-20437
  • CVE-2024-20433
  • CVE-2024-20464
  • CVE-2024-20480
  • CVE-2024-20467
  • CVE-2024-20436
  • CVE-2024-20455
  • CVE-2024-20350

References

  • https://sec.cloudapps.cisco.com/security/center/publicationListing.x
  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-csrf-ycUYxkKO?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20IOS%20XE%20Software%20Web%20UI%20Cross-Site%20Request%20Forgery%20Vulnerability%26vs_k=1
  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rsvp-dos-OypvgVZf?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20IOS%20and%20IOS%20XE%20Software%20Resource%20Reservation%20Protocol%20Denial%20of%20Service%20Vulnerability%26vs_k=1
  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pim-APbVfySJ?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20IOS%20XE%20Software%20Protocol%20Independent%20Multicast%20Denial%20of%20Service%20Vulnerability%26vs_k=1
  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-sda-edge-dos-MBcbG9k?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20IOS%20XE%20Software%20SD-Access%20Fabric%20Edge%20Node%20Denial%20of%20Service%20Vulnerability%26vs_k=1
  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cpp-vfr-dos-nhHKGgO?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20IOS%20XE%20Software%20IPv4%20Fragmentation%20Reassembly%20Denial%20of%20Service%20Vulnerability%26vs_k=1
  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-httpsrvr-dos-yOZThut?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20IOS%20XE%20Software%20HTTP%20Server%20Telephony%20Services%20Denial%20of%20Service%20Vulnerability%26vs_k=1
  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-utd-dos-hDATqxs?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Catalyst%20SD-WAN%20Routers%20Denial%20of%20Service%20Vulnerability%26vs_k=1
  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-ssh-e4uOdASj?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Catalyst%20Center%20Static%20SSH%20Host%20Key%20Vulnerability%26vs_k=1

1 This estimate takes into account several parameters, including: CVSS, availability of patches/workarounds and PoC, and how widespread the affected software/devices are in the reference community.

This article is an original product of csirt.gov.it, republished here solely to increase its visibility.