==================================================================== CERT-Renater Note d'Information No. 2024/VULN358 _____________________________________________________________________ DATE : 05/09/2024 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Systems running Cisco Smart Licensing Utility, Cisco Meraki Systems Manager Agent for Windows, Cisco Duo Epic for Hyperdrive, Cisco Identity Services Engine, Cisco Expressway Edge. ===================================================================== https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cslu-7gHMzWmw https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-agent-dll-hj-Ptn7PtKe https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-duo-epic-info-sdLv6h8y https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-injection-6kn9tSxm https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-auth-kdFrcZ2j _____________________________________________________________________ Below is the list of Cisco Security Advisories published by Cisco PSIRT on 2024-September-04. The following PSIRT security advisories (1 Critical, 1 High, 3 Medium) were published at 16:00 UTC today. Table of Contents: 1) Cisco Smart Licensing Utility Vulnerabilities - SIR: Critical 2) Cisco Meraki Systems Manager Agent for Windows Privilege Escalation Vulnerability - SIR: High 3) Cisco Duo Epic for Hyperdrive Information Disclosure Vulnerability - SIR: Medium 4) Cisco Identity Services Engine Command Injection Vulnerability - SIR: Medium 5) Cisco Expressway Edge Improper Authorization Vulnerability - SIR: Medium +-------------------------------------------------------------------- 1) Cisco Smart Licensing Utility Vulnerabilities CVE-2024-20439, CVE-2024-20440 SIR: Critical CVSS Score v(3.1): 9.8 URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cslu-7gHMzWmw ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cslu-7gHMzWmw"] +-------------------------------------------------------------------- 2) Cisco Meraki Systems Manager Agent for Windows Privilege Escalation Vulnerability CVE-2024-20430 SIR: High CVSS Score v(3.1): 7.3 URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-agent-dll-hj-Ptn7PtKe ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-agent-dll-hj-Ptn7PtKe"] +-------------------------------------------------------------------- 3) Cisco Duo Epic for Hyperdrive Information Disclosure Vulnerability CVE-2024-20503 SIR: Medium CVSS Score v(3.1): 5.5 URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-duo-epic-info-sdLv6h8y ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-duo-epic-info-sdLv6h8y"] +-------------------------------------------------------------------- 4) Cisco Identity Services Engine Command Injection Vulnerability CVE-2024-20469 SIR: Medium CVSS Score v(3.1): 6.0 URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-injection-6kn9tSxm ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-injection-6kn9tSxm"] +-------------------------------------------------------------------- 5) Cisco Expressway Edge Improper Authorization Vulnerability CVE-2024-20497 SIR: Medium CVSS Score v(3.1): 4.3 URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-auth-kdFrcZ2j ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-auth-kdFrcZ2j"] ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23/25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email:cert@support.renater.fr + =========================================================