======================================================================
CERT-Renater
Information Note No. 2024/VULN342
_____________________________________________________________________

DATE                 : 28/08/2024

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running Cisco NX-OS, Cisco Application
                       Policy Infrastructure Controller.

=====================================================================
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-dhcp6-relay-dos-znEAA6xn
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-priv-esc-uYQJjnuU
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-bshacepe-bApeHSx7
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-psbe-ce-YvbTn5du
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cmdinj-Lq6jsZhH
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-cousmo-uBpBYGbq
_____________________________________________________________________

Below is the list of Cisco Security Advisories published by Cisco PSIRT
on 2024-August-28.

The following PSIRT security advisories (1 High, 5 Medium) were
published at 16:00 UTC today.

Table of Contents:

1) Cisco NX-OS Software DHCPv6 Relay Agent Denial of Service Vulnerability - SIR: High
2) Cisco Application Policy Infrastructure Controller Privilege Escalation Vulnerability - SIR: Medium
3) Cisco NX-OS Software Bash Arbitrary Code Execution and Privilege Escalation Vulnerabilities - SIR: Medium
4) Cisco NX-OS Software Python Sandbox Escape Vulnerabilities - SIR: Medium
5) Cisco NX-OS Software Command Injection Vulnerability - SIR: Medium
6) Cisco Application Policy Infrastructure Controller Unauthorized Policy Actions Vulnerability - SIR: Medium

+--------------------------------------------------------------------

1) Cisco NX-OS Software DHCPv6 Relay Agent Denial of Service Vulnerability

CVE-2024-20446

SIR: High

CVSS Score v(3.1): 8.6

URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-dhcp6-relay-dos-znEAA6xn

+--------------------------------------------------------------------

2) Cisco Application Policy Infrastructure Controller Privilege Escalation Vulnerability

CVE-2024-20478

SIR: Medium

CVSS Score v(3.1): 6.5

URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-priv-esc-uYQJjnuU

+--------------------------------------------------------------------

3) Cisco NX-OS Software Bash Arbitrary Code Execution and Privilege Escalation Vulnerabilities

CVE-2024-20411, CVE-2024-20413

SIR: Medium

CVSS Score v(3.1): 6.7

URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-bshacepe-bApeHSx7

+--------------------------------------------------------------------

4) Cisco NX-OS Software Python Sandbox Escape Vulnerabilities

CVE-2024-20284, CVE-2024-20285, CVE-2024-20286

SIR: Medium

CVSS Score v(3.1): 5.3

URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-psbe-ce-YvbTn5du

+--------------------------------------------------------------------

5) Cisco NX-OS Software Command Injection Vulnerability

CVE-2024-20289

SIR: Medium

CVSS Score v(3.1): 4.4

URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cmdinj-Lq6jsZhH

+--------------------------------------------------------------------

6) Cisco Application Policy Infrastructure Controller Unauthorized Policy Actions Vulnerability

CVE-2024-20279

SIR: Medium

CVSS Score v(3.1): 4.3

URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-cousmo-uBpBYGbq

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |  email:cert@support.renater.fr  +
=========================================================