Rewterz Threat Advisory – Multiple Cisco Products Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2024-20336 CVSS:6.5

Cisco Small Business 100, 300, and 500 Series Wireless Access Points are vulnerable to a buffer overflow, caused by improper bounds checking. By sending a crafted HTTP request, a remote authentocated attacker could overflow a buffer and execute arbitrary code as the root user.

CVE-2024-20338 CVS:7.3

Cisco Secure Client for Linux with ISE Posture Module could allow a local authenticated attacker to gain elevated privileges on the system, caused by the use of an uncontrolled search path element. By copying a malicious library file to a specific directory in the filesystem and persuading an administrator to restart a specific process, an attacker could exploit this vulnerability to execute arbitrary code with root privileges.

CVE-2024-20335 CVSS:6.5

Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow a remote authenticated attacker to execute arbitrary command on the system, caused by insufficient validation of user-supplied input. By sending a crafted HTTP request, an attacker could exploit this vulnerability to execute arbitrary commands as the root user.

CVE-2024-20337 CVSS:8.2

Cisco Secure Client could allow a remote attacker to execute arbitrary code on the system, caused by insufficient validation of user-supplied input. By persuading a user to click a crafted link while establishing a VPN session, an attacker could exploit this vulnerability to execute arbitrary script code in the browser or access sensitive, browser-based information.

CVE-2024-20301 CVSS:6.2

Cisco Duo Authentication for Windows Logon and RDP could allow a local authenticated attacker to bypass security restrictions, caused by a failure to invalidate locally created trusted sessions after a reboot. By sending a specially crafted request, an attacker could exploit this vulnerability to access the affected device without valid permissions.

CVE-2024-20292 CVSS:4.4

Cisco Duo Authentication for Windows Logon and RDP could allow a local authenticated attacker to obtain sensitive information, caused by improper storage of an unencrypted registry key in certain logs. By accessing the logs, a remote attacker could exploit this vulnerability to view sensitive information in clear text.

CVE-2024-20346 CVSS:5.4

Cisco AppDynamics Controller is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the web-based management interface. A remote authenticated could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victims Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victims cookie-based authentication credentials.

CVE-2024-20345 CVSS:6.5

Cisco AppDynamics Controller could allow a remote authenticated attacker to traverse directories on the system. An attacker could sending a crafted request to access sensitive data.

Impact

• Gain Access
• Privilege Escalation
• Code Execution
• Security Bypass
• Information Disclosure
• Cross-Site Scripting

Indicators Of Compromise

CVE

• CVE-2024-20336
• CVE-2024-20338
• CVE-2024-20335
• CVE-2024-20337
• CVE-2024-20301
• CVE-2024-20292
• CVE-2024-20346
• CVE-2024-20345

Affected Vendors

Cisco

Affected Products

• Cisco Secure Client for Linux
• Cisco Secure Client for MacOS
• Cisco Small Business 500 Series Wireless Access Points
• Cisco Small Business 100 Series Wireless Access Points
• Cisco Small Business 300 Series Wireless Access Points
• Cisco Secure Client for Windows
• Cisco Duo Authentication for Windows Logon and RDP
• Cisco AppDynamics Controller

Remediation

Refer to Cisco Security Advisory for patch, upgrade or suggested workaround information.

CVE-2024-20336

CVE-2024-20338

CVE-2024-20335

CVE-2024-20337

CVE-2024-20301

CVE-2024-20292

CVE-2024-20346

CVE-2024-20345