Cisco Vulnerabilities July 17, 2024
CVE-2024-20296, CVE-2024-20435, CVE-2024-20323, CVE-2024-20395, CVE-2024-20396, CVE-2024-20400, CVE-2024-20401, CVE-2024-20416, CVE-2024-20419, CVE-2024-20429
CVE-2024-20435: Cisco Secure Web Appliance Privilege Escalation Vulnerability
A vulnerability in the CLI of Cisco AsyncOS for Secure Web Appliance could allow an authenticated, local attacker to execute arbitrary commands and elevate privileges to root. An attacker could exploit this by authenticating to the system and executing a crafted command, allowing them to execute arbitrary commands on the underlying OS and elevate privileges to root. To exploit, an attacker would need at least guest credentials.
CVE-2024-20429: Cisco Secure Email Gateway Command Execution Vulnerability
A vulnerability in the web-based management interface of Cisco AsyncOS for Secure Email Gateway could allow an authenticated, remote attacker to execute arbitrary system commands on an affected device. An attacker could exploit this by sending a crafted HTTP request, allowing them to execute arbitrary commands on the OS with root privileges. To exploit, an attacker would need at least valid Operator credentials.
CVE-2024-20419: Cisco Smart Software Manager On-Prem Password Change Vulnerability
A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including administrative users. An attacker could exploit this by sending crafted HTTP requests, allowing them to access the web UI or API with the privileges of the compromised user.
CVE-2024-20416: Cisco RV340/RV345 Router Code Execution Vulnerability
A vulnerability in the upload module of Cisco RV340 and RV345 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. An attacker could exploit this by sending crafted HTTP requests, allowing them to execute arbitrary code as root on the underlying OS. To exploit, an attacker would need valid credentials.
CVE-2024-20401: Cisco Secure Email Gateway File Overwrite Vulnerability
A vulnerability in the content scanning and message filtering features of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to overwrite arbitrary files on the underlying OS. An attacker could exploit this by sending an email with a crafted attachment, allowing them to replace any file on the file system and perform actions like adding root users, modifying config, executing code, or causing permanent DoS.
CVE-2024-20400: Cisco Expressway Series Redirect Vulnerability
A vulnerability in the web-based management interface of Cisco Expressway Series could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. An attacker could exploit this by intercepting and modifying an HTTP request from a user, allowing them to redirect the user to a malicious site.
CVE-2024-20396: Cisco Webex App Information Disclosure Vulnerability
A vulnerability in the protocol handlers of Cisco Webex App could allow an unauthenticated, remote attacker to gain access to sensitive information. An attacker could exploit this by persuading a user to follow a link that causes the application to send requests, allowing the attacker to capture sensitive information, including credentials, from the requests.
CVE-2024-20395: Cisco Webex App Session Information Disclosure Vulnerability
A vulnerability in the media retrieval functionality of Cisco Webex App could allow an unauthenticated, adjacent attacker to gain access to sensitive session information. An attacker could exploit this by sending a message with embedded media that is stored on a messaging server to a targeted user, allowing the attacker to capture session token information from insecurely transmitted requests and potentially reuse the session information.
CVE-2024-20323: Cisco Intelligent Node (iNode) Software TLS Connection Hijacking Vulnerability
A vulnerability in Cisco Intelligent Node (iNode) Software could allow an unauthenticated, remote attacker to hijack the TLS connection between Cisco iNode Manager and associated intelligent nodes and send arbitrary traffic to an affected device. An attacker in a man-in-the-middle position could exploit this by using the static cryptographic key to generate a trusted certificate and impersonate an affected device, allowing them to read data, modify the startup configuration, and cause a DoS condition for downstream devices.
CVE-2024-20296: Cisco Identity Services Engine (ISE) File Upload Vulnerability
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to upload arbitrary files to an affected device. To exploit this, an attacker would need at least valid Policy Admin credentials on the affected device. An attacker could exploit this by uploading arbitrary files, allowing them to store malicious files, execute arbitrary commands, and elevate privileges to root.
The search results highlight several critical vulnerabilities affecting Cisco products, particularly the Secure Web Appliance, Secure Email Gateway, and Intelligent Node (iNode) Software. These flaws could allow authenticated and unauthenticated attackers to execute arbitrary commands, elevate privileges, overwrite files, hijack TLS connections, and potentially take full control of affected systems. It is strongly recommended that users take the necessary precautions to protect their systems by contacting Cisco to resolve these vulnerabilities.