======================================================================

                                   CERT-Renater

                        Information Note No. 2024/VULN207
_____________________________________________________________________

DATE                : 18/04/2024

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Cisco Integrated Management
                       Controller, Cisco IOS, Cisco IOS XE Software.

=====================================================================
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-bLuPcb
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-mUx4c5AJ
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-uwBXfqww
_____________________________________________________________________

Below is the list of Cisco Security Advisories published by Cisco
PSIRT on 2024-April-17.

The following PSIRT security advisories (2 High, 1 Medium) were
published at 16:00 UTC today.

Table of Contents:

1) Cisco Integrated Management Controller Web-Based Management
Interface Command Injection Vulnerability - SIR: High

2) Cisco Integrated Management Controller CLI Command Injection
Vulnerability - SIR: High

3) Cisco IOS and IOS XE Software SNMP Extended Named Access Control
List Bypass Vulnerability - SIR: Medium

+--------------------------------------------------------------------

1) Cisco Integrated Management Controller Web-Based Management
Interface Command Injection Vulnerability

CVE-2024-20356

SIR: High

CVSS Score v(3.1): 8.7

URL: 
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-bLuPcb 

+--------------------------------------------------------------------

2) Cisco Integrated Management Controller CLI Command Injection
Vulnerability

CVE-2024-20295

SIR: High

CVSS Score v(3.1): 8.8

URL: 
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-mUx4c5AJ 

+--------------------------------------------------------------------

3) Cisco IOS and IOS XE Software SNMP Extended Named Access
Control List Bypass Vulnerability

CVE-2024-20373

SIR: Medium

CVSS Score v(3.1): 5.3

URL: 
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-uwBXfqww 

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================
