Cisco Security Updates for Multiple Products - 20240402001

Overview

Cisco released security updates to address vulnerabilities in Cisco IOS, IOS XE, and AP software. A cyber threat actor could exploit some of these vulnerabilities to perform actions such as escalating privileges, bypassing secure boot mechanisms, or causing a denial of service.

What is vulnerable?

| Product(s) affected | CVE | Severity | CVSS |
|---|---|---|---|
| Cisco IOS and IOS XE Software Security Advisory Bundled Publication | CVE-2024-20307, CVE-2024-20308, CVE-2024-20311, CVE-2024-20259, CVE-2024-20314, CVE-2024-20312, CVE-2024-20276, CVE-2024-20303, CVE-2024-20313, CVE-2024-20278, CVE-2024-20306, CVE-2024-20316, CVE-2024-20309, CVE-2024-20324 | High - Medium | 8.6 - 5.5 |
| Cisco Access Point Software Denial of Service Vulnerability | CVE-2024-20271 | High | 8.6 |
| Cisco Access Point Software Secure Boot Bypass Vulnerability | CVE-2024-20265 | Medium | 5.9 |

What has been observed?

There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within the expected timeframe of one month... (refer to Patch Management):