Request a Demo
Rewterz
LunarWeb and LunarMail Backdoors Used by Turla Group to Target Diplomatic Missions – Active IOCs
May 16, 2024
Rewterz
Over 53,000 Employees Affected by Nissan North America Data Breach
May 16, 2024

Multiple Cisco Products Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2024-20391 CVSS: 6.8

Cisco Secure Client for Windows could allow a physical attacker to gain elevated privileges on the system, caused by the lack of authentication on a specific function. An attacker could exploit this vulnerability to execute arbitrary code with SYSTEM privileges.

CVE-2024-20326 CVSS: 7.8

Cisco Crosswork Network Services Orchestrator could allow a local authenticated attacker to bypass security restrictions, caused by improper authorization enforcement when specific CLI commands are used. By executing a specially crafted CLI command, an attacker could exploit this vulnerability to read or write arbitrary files on the underlying operating system with the privileges of the root user.

CVE-2024-20389 CVSS: 7.8

Cisco Crosswork Network Services Orchestrator could allow a local authenticated attacker to gain elevated privileges on the system, caused by incorrect privilege assignment when specific CLI commands are used. By executing a specially crafted CLI command, an authenticated attacker could exploit this vulnerability to gain elevated privileges.

CVE-2024-20369 CVSS: 4.7

Cisco Crosswork Network Services Orchestrator could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability using a specially crafted URL to redirect a victim to arbitrary Web sites.

CVE-2024-20392 CVSS: 5.4

Cisco Secure Email Gateway is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability to inject arbitrary HTTP response header in some form and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information.

CVE-2024-20394 CVSS: 5.5

Cisco AppDynamics Network Visibility Agent is vulnerable to a denial of service, caused by inability to handle unexpected input. By sending a specially crafted HTTP request, a local attacker could exploit this vulnerability to cause the Network Agent Service to stop on the local device.

CVE-2024-20257 CVSS: 4.8

Cisco Secure Email Gateway is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the web UI. A remote authenticated attacker could exploit this vulnerability using a specially crafted URL to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.

CVE-2024-20258 CVSS: 6.1

Cisco Secure Email and Web Manager and Secure Email Gateway are vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the web UI. A remote attacker could exploit this vulnerability using a specially crafted URL to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.

CVE-2024-20256 CVSS: 4.8

Cisco Secure Email and Web Manager is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the web UI. A remote authenticated attacker could exploit this vulnerability using a specially crafted URL to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.

CVE-2024-20366 CVSS: 7.8

Cisco Crosswork Network Services Orchestrator could allow a local authenticated attacker to gain elevated privileges on the system, caused by an error in the Tail-f High Availability Cluster Communications (HCC) function pack. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to execute arbitrary code on an affected device as the root user.

Impact

  • Denial of Service
  • Privilege Escalation
  • Security Bypass
  • Gain Access
  • Cross-Site Scripting

Indicators of Compromise

CVE

  • CVE-2024-20391
  • CVE-2024-20326
  • CVE-2024-20389
  • CVE-2024-20369
  • CVE-2024-20392
  • CVE-2024-20394
  • CVE-2024-20257
  • CVE-2024-20258
  • CVE-2024-20256
  • CVE-2024-20366

Affected Vendors

Cisco

Affected Products

  • Cisco Secure Email Gateway
  • Cisco Secure Client for Windows
  • Cisco Crosswork Network Services Orchestrator
  • Cisco Network Services Orchestrator 5.4
  • Cisco Network Services Orchestrator 5.0
  • Cisco Network Services Orchestrator 6.0
  • Cisco Secure Email and Web Manager 15.5
  • Cisco Secure Email Gateway 15.0
  • Cisco Secure Web Appliance 15.0
  • Cisco AppDynamics Network Visibility Agent

Remediation

Refer to Cisco Security Advisory for patch, upgrade or suggested workaround information.

CVE-2024-20391

CVE-2024-20326

CVE-2024-20389

CVE-2024-20369

CVE-2024-20392

CVE-2024-20394

CVE-2024-20257

CVE-2024-20258

CVE-2024-20256

CVE-2024-20366