Cisco Family August 2024 First Round Security Update Advisory

Overview

 

Cisco (https://www.cisco.com) has released a security update that fixes vulnerabilities in its products. Users of affected systems are advised to update to the latest version.

 

Affected Products

 

Cisco Identity Services Engine Software

Cisco Unified Communications Manager

 

Resolved Vulnerabilities

 

Vulnerability in Cisco Unified Communications Manager that could allow a denial of service due to improper parsing of SIP messages (CVE-2024-20375, CVSS 8.6) [1]

Vulnerability in Cisco Identity Services Engine Software due to insufficient validation of administrator privileges, allowing sensitive information to be collected (CVE-2024-20466, CVSS 6.5) [2]

Vulnerability in Cisco Identity Services Engine Software due to lack of user input validation, which could allow viewing or modifying data on affected devices (CVE-2024-20417, CVSS 6.5) [3]

Vulnerability in Cisco Identity Services Engine Software due to lack of CSRF protection in the web-based management interface, which could allow arbitrary attacker commands (CVE-2024-20486, CVSS 6.5) [4]

Vulnerability in Cisco Unified Communications Manager in the web-based administration feature due to insufficient validation of user input, which could allow arbitrary scripted command execution (CVE-2024-20488, CVSS 6.1) [5]

 

Vulnerability Patches

 

Product-specific vulnerability patches were made available in the August 21, 2024 update. Please refer to the ‘Affected Products’ and ‘Fixed Software’ sections of the product-specific advisories listed under Referenced Sites below to apply the patches.

 

Referenced Sites

 

[1] Cisco Unified Communications Manager Denial of Service Vulnerability

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-dos-kkHq43We

[2] Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-info-exp-vdF8Jbyk

[3] Cisco Identity Services Engine REST API Blind SQL Injection Vulnerabilities

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rest-5bPKrNtZ

[4] Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-csrf-y4ZUz5Rj

[5] Cisco Unified Communications Manager Cross-Site Scripting Vulnerability

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-9zmfHyZ

Article Link: Cisco Family August 2024 First Round Security Update Advisory – ASEC