Cisco Releases New Security Advisories - 20240718003
Overview
The WA SOC has been made aware of a number of critical-to-medium vulnerabilities disclosed by Cisco across a range of products.
What is vulnerable?
Product(s) Affected | Version(s) | CVE | CVSS | Severity |
---|---|---|---|---|
Cisco Smart Software Manager | Versions before 8-202212 | CVE-2024-20419 | 10 | Critical |
Cisco Secure Email Gateway | The Content Scanner Tools version is earlier than 23.3.0.4823 | CVE-2024-20401 | 9.8 | Critical |
Cisco Secure Web Appliance | Versions before 14.5.3 MR (Jul 2024), 15.0 MR (Aug 2024), and 15.2.0-164 | CVE-2024-20435 | 8.8 | High |
RADIUS Protocol | RFC 2865 | CVE-2024-3596 | 8.1 | High |
Cisco Intelligent Node | Cisco iNode Software versions before 4.0.0; Cisco iNode Manager Software versions before 24.1 | CVE-2024-20323 | 7.5 | High |
Cisco Small Business RV Series Router Firmware for RV340 and RV345 Dual WAN Gigabit VPN Routers | 1.0.03.24 or later (has reached end-of-life) | CVE-2024-20416 | 6.5 | Medium |
Cisco Secure Email Gateway | Versions before 14.2.3-027, and 15.0.0-097 | CVE-2024-20429 | 6.5 | Medium |
Cisco Webex App | Cloud-based software | CVE-2024-20395, CVE-2024-20396 | 6.4, 5.3 | Medium, Medium |
Cisco Identity Services Engine Software | Versions before 3.1P10 (Jan 2025), 3.2P7 (Sep 2024), and 3.3P3 | CVE-2024-20296 | 4.7 | Medium |
Cisco Expressway Series | Versions before 15.0.2 | CVE-2024-20400 | 3.1 | Medium |
What has been observed?
The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability described in CVE-2024-20419. There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
Recommendation
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within the expected timeframe of 48 hours... (refer to Patch Management):