

Severity
Medium
Analysis Summary
CVE-2024-20429 CVSS:6.5
Cisco Secure Email Gateway could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by insufficient input validation in certain portions of the web-based management interface. By sending a crafted HTTP request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVE-2024-20435 CVSS:8.8
Cisco Secure Web Appliance could allow a local authenticated attacker to gain elevated privileges on the system, caused by insufficient validation of user-supplied input for the CLI. By authenticating to the system and executing a crafted command, an attacker could exploit this vulnerability to execute arbitrary commands on the underlying operating system and elevate privileges to root.
CVE-2024-20296 CVSS:4.7
Cisco Identity Services Engine could allow a remote authenticated attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted request, a remote attacker could exploit this vulnerability to upload a malicious script, which could allow the attacker to execute arbitrary code on the vulnerable system.
CVE-2024-20323 CVSS:7.5
Cisco Intelligent Node Software could allow a remote attacker to obtain sensitive information, caused by the presence of hard-coded cryptographic material. By using the static cryptographic key to generate a trusted certificate and impersonate an affected device, a remote attacker could exploit this vulnerability to read data that is meant for a legitimate device and modify the startup configuration of an associated node.
CVE-2024-20261 CVSS:5.8
Cisco Firepower Threat Defense Software could allow a remote attacker to bypass security restrictions, caused by a logic error when a specific class of encrypted archive files is inspected. By sending a specially crafted encrypted archive file, an attacker could exploit this vulnerability to bypass the Encrypted Archive File Policy, so that malware that should have been blocked and dropped is accepted.
CVE-2024-20416 CVSS:6.5
Cisco RV340 and RV345 Dual WAN Gigabit VPN Routers are vulnerable to a stack-based buffer overflow, caused by improper bounds checking. By sending specially crafted HTTP requests, a remote authenticated attacker could overflow a buffer and execute arbitrary code as the root user on the underlying operating system of the device.
CVE-2024-20400 CVSS:4.7
Cisco Expressway Series could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability using a specially crafted URL to redirect a victim to arbitrary Web sites.
CVE-2024-20396 CVSS:5.3
Cisco Webex App could allow a remote attacker to obtain sensitive information, caused by unsafe handling of file protocol handlers. By persuading a victim to open a specially crafted link, an attacker could exploit this vulnerability to obtain credential information, and use this information to launch further attacks against the affected system.
CVE-2024-20395 CVSS:6.4
Cisco Webex App could allow a remote attacker to obtain sensitive information, caused by insecure transmission of requests to backend services when the app accesses embedded media. By sniffing the network traffic, an attacker could exploit this vulnerability to obtain session token information, and use this information to launch further attacks against the affected system.
Impact
- Gain Access
- Buffer Overflow
- Security Bypass
- Privilege Escalation
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2024-20429
- CVE-2024-20435
- CVE-2024-20296
- CVE-2024-20323
- CVE-2024-20261
- CVE-2024-20416
- CVE-2024-20400
- CVE-2024-20396
- CVE-2024-20395
Affected Vendors
Affected Products
- Cisco RV340 Dual WAN Gigabit VPN Router
- Cisco RV345 Dual WAN Gigabit VPN Router
- Cisco RV340W Dual WAN Gigabit Wireless-AC VPN Router
- Cisco RV345P Dual WAN Gigabit POE VPN Router
- Cisco Webex App
- Cisco Identity Services Engine Software
- Cisco Secure Web Appliance
- Cisco Secure Email Gateway
- Cisco Firepower Threat Defense Software 6.2.3
- Cisco Intelligent Node Manager
- Cisco Intelligent Node Software
- Cisco Expressway-E
- Cisco Expressway-C
Remediation
Refer to the Cisco Security Advisory for patch, upgrade, or suggested workaround information.