
Cisco: Security vulnerabilities in numerous products


Cisco published 15 new security advisories overnight into Thursday. They span the product range. Among them is one vulnerability rated as a critical risk, along with vulnerabilities rated as high risk. IT administrators should check whether they run vulnerable devices and apply the available updates.



One vulnerability (CVE-2024-20418) in Cisco Unified Industrial Wireless Software reaches the highest possible risk rating, "critical", with a CVSS score of 10 out of 10 possible points. It is located in the web-based management interface of Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points. Unauthenticated attackers on the network can gain root access to the operating system. Affected are Catalyst IW9165D Heavy Duty Access Points, Catalyst IW9165E Rugged Access Points and Wireless Clients, and Catalyst IW9167E Heavy Duty Access Points.

In the Cisco Nexus Dashboard Fabric Controller, attackers on the network can abuse a SQL injection vulnerability to run arbitrary SQL commands through the web-based management interface or a REST API endpoint of affected devices. This lets them read, modify or delete arbitrary data in an internal database, which can have an "impact on the availability" of attacked devices (CVE-2024-20536, CVSS 8.8, risk "high").

Cisco also rates a denial-of-service vulnerability in Enterprise Chat and Email as high risk. Unauthenticated actors on the network can trigger it in the External Agent Assignment Service (EAAS) functionality by sending crafted Media Routing Peripheral Interface Manager (MR PIM) traffic to the device (CVE-2024-20484, CVSS 7.5, risk "high").

Cisco rates the remaining vulnerabilities as a medium threat level. The Cisco security advisories, sorted by risk rating:

Cisco Unified Industrial Wireless Software for Ultra-Reliable Wireless Backhaul Access Point Command Injection Vulnerability, CVSS 10.0, risk "critical"
Cisco Nexus Dashboard Fabric Controller SQL Injection Vulnerability, CVSS 8.8, risk "high"
Cisco Enterprise Chat and Email Denial of Service Vulnerability, CVSS 7.5, risk "high"
Cisco Identity Services Engine Auth Bypass and Cross-Site Scripting Vulnerabilities, CVSS 6.5, risk "medium"
Cisco Unified Communications Manager IM and Presence Service Information Disclosure Vulnerability, CVSS 6.5, risk "medium"
Cisco Identity Services Engine Vulnerabilities, CVSS 6.1, risk "medium"
Cisco Unified Communications Manager Cross-Site Scripting Vulnerability, CVSS 6.1, risk "medium"
Stored Cross-Site Scripting Vulnerability in Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance, CVSS 5.4, risk "medium"
Cisco Enhanced Programmable Network Manager and Cisco Prime Infrastructure Stored Cross-Site Scripting Vulnerability, CVSS 5.4, risk "medium"
Cisco Unified Contact Center Management Portal Stored Cross-Site Scripting Vulnerability, CVSS 5.4, risk "medium"
Access Control List Programming Vulnerability in Cisco Nexus 3550-F Switches, CVSS 5.3, risk "medium"
Information Disclosure Vulnerability in Cisco 7800, 8800, and 9800 Series Phones, CVSS 5.3, risk "medium"
Cisco 6800, 7800, 8800, and 9800 Series Phones with Cross-Site Scripting Vulnerabilities Stored in Multi-Platform Firmware, CVSS 4.8, risk "medium"
Information Disclosure Vulnerability in Cisco Meeting Management, CVSS 4.3, risk "medium"
Cisco Identity Services Engine Vulnerabilities, CVSS 4.3, risk "medium"

Cisco has most recently extended brute-force protection for VPN logins to more ASA and FTD devices. In April, VPN servers came under password-spraying and brute-force attacks.


(DMK)