=====================================================================
                            CERT-Renater

                 Information Note No. 2024/VULN154
_____________________________________________________________________

DATE                : 27/03/2024

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Cisco IOS XE, Cisco IOS,
                     Cisco Access Point Software, Cisco Aironet
                     Access Point Software, Cisco Catalyst Center
                     Software.

=====================================================================
https://sec.cloudapps.cisco.com/security/center/publicationListing.x
_____________________________________________________________________

Below is the list of Cisco Security Advisories published by Cisco PSIRT on 2024-March-27.

The following PSIRT security advisories (10 High, 7 Medium) were published at 16:00 UTC today.

Table of Contents:

1) Cisco IOS XE Software SD-Access Fabric Edge Node Denial of Service Vulnerability - SIR: High
2) Cisco Access Point Software Denial of Service Vulnerability - SIR: High
3) Cisco IOS XE Software DHCP Snooping with Endpoint Analytics Denial of Service Vulnerability - SIR: High
4) Cisco IOS and IOS XE Software Locator ID Separation Protocol Denial of Service Vulnerability - SIR: High
5) Cisco IOS and IOS XE Software Internet Key Exchange Version 1 Fragmentation Denial of Service Vulnerabilities - SIR: High
6) Cisco IOS Software for Catalyst 6000 Series Switches Denial of Service Vulnerability - SIR: High
7) Cisco IOS XE Software OSPFv2 Denial of Service Vulnerability - SIR: High
8) Cisco IOS XE Software for Wireless LAN Controllers Multicast DNS Denial of Service Vulnerability - SIR: High
9) Cisco IOS and IOS XE Software Intermediate System-to-Intermediate System Denial of Service Vulnerability - SIR: High
10) Cisco Access Point Software Secure Boot Bypass Vulnerability - SIR: High
11) Cisco IOS XE Software Privilege Escalation Vulnerability - SIR: Medium
12) Cisco IOS XE Software NETCONF/RESTCONF IPv4 Access Control List Bypass Vulnerability - SIR: Medium
13) Cisco IOS XE Software Unified Threat Defense Command Injection Vulnerability - SIR: Medium
14) Cisco IOS XE Software Auxiliary Asynchronous Port Denial of Service Vulnerability - SIR: Medium
15) Cisco IOS XE Software for Wireless LAN Controllers Privilege Escalation Vulnerability - SIR: Medium
16) Cisco Aironet Access Point Software Resource Exhaustion Denial of Service Vulnerability - SIR: Medium
17) Cisco Catalyst Center Authorization Bypass Vulnerability - SIR: Medium

+--------------------------------------------------------------------

1) Cisco IOS XE Software SD-Access Fabric Edge Node Denial of Service Vulnerability

CVE-2024-20314
SIR: High
CVSS Score v(3.1): 8.6
URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-sda-edge-dos-qZWuWXWG

+--------------------------------------------------------------------

2) Cisco Access Point Software Denial of Service Vulnerability

CVE-2024-20271
SIR: High
CVSS Score v(3.1): 8.6
URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-dos-h9TGGX6W

+--------------------------------------------------------------------

3) Cisco IOS XE Software DHCP Snooping with Endpoint Analytics Denial of Service Vulnerability

CVE-2024-20259
SIR: High
CVSS Score v(3.1): 8.6
URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dhcp-dos-T3CXPO9z

+--------------------------------------------------------------------

4) Cisco IOS and IOS XE Software Locator ID Separation Protocol Denial of Service Vulnerability

CVE-2024-20311
SIR: High
CVSS Score v(3.1): 8.6
URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-lisp-3gYXs3qP

+--------------------------------------------------------------------

5) Cisco IOS and IOS XE Software Internet Key Exchange Version 1 Fragmentation Denial of Service Vulnerabilities

CVE-2024-20307, CVE-2024-20308
SIR: High
CVSS Score v(3.1): 8.6
URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ikev1-NO2ccFWz

+--------------------------------------------------------------------

6) Cisco IOS Software for Catalyst 6000 Series Switches Denial of Service Vulnerability

CVE-2024-20276
SIR: High
CVSS Score v(3.1): 7.4
URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-dos-Hq4d3tZG

+--------------------------------------------------------------------

7) Cisco IOS XE Software OSPFv2 Denial of Service Vulnerability

CVE-2024-20313
SIR: High
CVSS Score v(3.1): 7.4
URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-ospf-dos-dR9Sfrxp

+--------------------------------------------------------------------

8) Cisco IOS XE Software for Wireless LAN Controllers Multicast DNS Denial of Service Vulnerability

CVE-2024-20303
SIR: High
CVSS Score v(3.1): 7.4
URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-mdns-dos-4hv6pBGf

+--------------------------------------------------------------------

9) Cisco IOS and IOS XE Software Intermediate System-to-Intermediate System Denial of Service Vulnerability

CVE-2024-20312
SIR: High
CVSS Score v(3.1): 7.4
URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-isis-sGjyOUHX

+--------------------------------------------------------------------

10) Cisco Access Point Software Secure Boot Bypass Vulnerability

CVE-2024-20265
SIR: High
CVSS Score v(3.1): 5.9
URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-secureboot-bypass-zT5vJkSD

+--------------------------------------------------------------------

11) Cisco IOS XE Software Privilege Escalation Vulnerability

CVE-2024-20278
SIR: Medium
CVSS Score v(3.1): 6.5
URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-priv-esc-seAx6NLX

+--------------------------------------------------------------------

12) Cisco IOS XE Software NETCONF/RESTCONF IPv4 Access Control List Bypass Vulnerability

CVE-2024-20316
SIR: Medium
CVSS Score v(3.1): 5.8
URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dmi-acl-bypass-Xv8FO8Vz

+--------------------------------------------------------------------

13) Cisco IOS XE Software Unified Threat Defense Command Injection Vulnerability

CVE-2024-20306
SIR: Medium
CVSS Score v(3.1): 6.0
URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-utd-cmd-JbL8KvHT

+--------------------------------------------------------------------

14) Cisco IOS XE Software Auxiliary Asynchronous Port Denial of Service Vulnerability

CVE-2024-20309
SIR: Medium
CVSS Score v(3.1): 5.6
URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aux-333WBz8f

+--------------------------------------------------------------------

15) Cisco IOS XE Software for Wireless LAN Controllers Privilege Escalation Vulnerability

CVE-2024-20324
SIR: Medium
CVSS Score v(3.1): 5.5
URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-wlc-privesc-RjSMrmPK

+--------------------------------------------------------------------

16) Cisco Aironet Access Point Software Resource Exhaustion Denial of Service Vulnerability

CVE-2024-20354
SIR: Medium
CVSS Score v(3.1): 4.7
URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-airo-ap-dos-PPPtcVW

+--------------------------------------------------------------------

17) Cisco Catalyst Center Authorization Bypass Vulnerability

CVE-2024-20333
SIR: Medium
CVSS Score v(3.1): 4.3
URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ccc-authz-bypass-5EKchJRb

=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email:cert@support.renater.fr   +
=========================================================