Behebung von Sicherheitslücken in Cisco-Produkten (AL02/240926/CSIRT-ITA)

Synthese

Sicherheitsupdates beheben mehrere neue Schwachstellen, darunter 8 mit „hohem“ Schweregrad, in einigen Cisco Risk

Geschätzte Auswirkung der Einschränkung auf die Referenz-Community: MITTEL/GELB (64,87/100) ¹.

Typologie

• Remote-Codeausführung
• Dienstverweigerung
• Spoofing
• Informationsverlust

Betroffene Produkte und/oder Versionen

Cisco

• iOS XE
• IoS
• Router SD-WAN Catalyst
• Centro catalizzatore

Schadensbegrenzungsmaßnahmen

Wir empfehlen Ihnen, anfällige Produkte zu aktualisieren, indem Sie die Anweisungen des Herstellers für jedes betroffene Produkt befolgen und in den Sicherheitsbulletins aufgeführt sind, die über die Links im Abschnitt „Referenzen“ verfügbar sind.

Eindeutige Schwachstellenkennungen

Nachfolgend sind die einzigen CVEs aufgeführt, die sich auf Schwachstellen mit „hohem“ Schweregrad beziehen:

CVE-2024-20437

CVE-2024-20433

CVE-2024-20464

CVE-2024-20480

CVE-2024-20467

CVE-2024-20436

CVE-2024-20455

CVE-2024-20350

Referenzen

https://sec.cloudapps.cisco.com/security/center/publicationListing.x

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-csrf-ycUYxkKO?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p= Cisco%20IOS%20XE%20Software%20Web%20UI%20Intersito%20Richiesta%20Falsificazione%20Vulnerabilità%26vs_k=1

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rsvp-dos-OypvgVZf?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p= Cisco%20IOS%20e%20IOS%20XE%20Software%20Risorsa%20Prenotazione%20Protocollo%20Rifiuto%20di%20Servizio%20Vulnerabilità%26vs_k=1

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pim-APbVfySJ?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco% 20IOS%20XE%20Software%20Protocollo%20Indipendente%20Multicast%20Rifiuto%20di%20Servizio%20Vulnerabilità%26vs_k=1

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-sda-edge-dos-MBcbG9k?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence% 26vs_type=RSS%26vs_p=Cisco%20IOS%20XE%20Software%20SD-Access%20Fabric%20Edge%20Node%20Denial%20of%20Service%20Vulnerability%26vs_k=1

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cpp-vfr-dos-nhHKGgO?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS% 26vs_p=Cisco%20IOS%20XE%20Software%20IPv4%20Frammentazione%20Riassemblaggio%20Rifiuto%20di%20Servizio%20Vulnerabilità%26vs_k=1

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-httpsrvr-dos-yOZThut?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p= Cisco%20IOS%20XE%20Software%20HTTP%20Server%20Telefonia%20Servizi%20Rifiuto%20di%20Servizio%20Vulnerabilità%26vs_k=1

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-utd-dos-hDATqxs?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS% 26vs_p=Cisco%20Catalyst%20SD-WAN%20Router%20Denial%20of%20Service%20Vulnerabilità%26vs_k=1

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-ssh-e4uOdASj?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p= Cisco%20Catalyst%20Center%20Static%20SSH%20Host%20Key%20Vulnerabilità%26vs_k=1

¹ Diese Schätzung erfolgt unter Berücksichtigung verschiedener Parameter, darunter: CVSS, Verfügbarkeit von Patches/Workarounds und PoC, Verbreitung der betroffenen Software/Geräte in der Referenz-Community.