Summary: Cisco released patches to address high-severity flaws in IOS and IOS XE software, including vulnerabilities that could lead to denial-of-service attacks.
Key Points:
🔒 CVE-2024-20311 – Vulnerability in LISP feature can cause device reload.
🔒 CVE-2024-20314 – Vulnerability in SD-Access fabric edge node can lead to DoS.
🔒 CVE-2024-20307 – CVE-2024-20308 – Multiple vulnerabilities in IKEv1 feature.
🔒 CVE-2024-20259 – Vulnerability in DHCP snooping feature can cause device reload.
🔒 CVE-2024-20303 – Vulnerability in mDNS gateway feature can cause DoS.
——————–
Cisco this week released patches to address multiple IOS and IOS XE software vulnerabilities. An unauthenticated attacker can exploit several issues fixed by the IT giant to cause a denial-of-service (DoS) condition.
Below are the most severe issues addressed by the company:
CVE-2024-20311 (CVSS score 8.6) – A vulnerability in the Locator ID Separation Protocol (LISP) feature of Cisco IOS Software and Cisco IOS XE Software. An unauthenticated, remote attacker can trigger the flaw to cause an affected device to reload.
CVE-2024-20314 (CVSS score 8.6) – A vulnerability in the IPv4 Software-Defined Access (SD-Access) fabric edge node feature of Cisco IOS XE Software. An unauthenticated, remote attacker can trigger the flaw to cause high CPU utilization and stop all traffic processing, resulting in a denial of service (DoS) condition on an affected device.
CVE-2024-20307 – CVE-2024-20308 (CVSS score 8.6) – Multiple vulnerabilities in the Internet Key Exchange version 1 (IKEv1) fragmentation feature of Cisco IOS Software and Cisco IOS XE Software. These flaws could allow an unauthenticated, remote attacker to cause a heap overflow or corruption on an affected system.
CVE-2024-20259 (CVSS score 8.6) – A vulnerability in the DHCP snooping feature of Cisco IOS XE Software. An unauthenticated, remote attacker can trigger the flaw to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition.
CVE-2024-20303 (CVSS score 7.4) – A vulnerability in the multicast DNS (mDNS) gateway feature of IOS XE Software for Wireless LAN Controllers (WLCs). An unauthenticated, adjacent attacker can trigger the flaw to cause a denial of service (DoS) condition.
The company also addressed other high and medium-severity vulnerabilities in Access Point Software, Catalyst Center, and Aironet Access Point Software.
Pierluigi Paganini
(SecurityAffairs – hacking, Cisco)
Source: https://securityaffairs.com/161181/security/cisco-ios-and-ios-xe-software-flaws.html