
Multiple Cisco Products Vulnerabilities

Severity

High

Analysis Summary

CVE-2024-20406 CVSS:7.4

Cisco IOS XR Software is vulnerable to a denial of service, caused by improper input validation of ingress IS-IS packets. By sending specially crafted IS-IS packets, a remote attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2024-20489 CVSS:8.6

Cisco Routed Passive Optical Network (PON) Controller Software could allow a local authenticated attacker to obtain sensitive information, caused by improper storage of unencrypted database credentials. By accessing the configuration files, an attacker could exploit this vulnerability to view the MongoDB credentials and use them to launch further attacks against the affected system.

CVE-2024-20381 CVSS:8.8

Multiple Cisco products could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper authorization checks on the API. By sending specially crafted requests to the JSON-RPC API, an authenticated attacker could exploit this vulnerability to gain elevated privileges or create new accounts.

CVE-2024-20317 CVSS:7.4

Cisco IOS XR Software is vulnerable to a denial of service, caused by incorrect classification of certain types of Ethernet frames. By sending specially crafted Ethernet frames, a remote attacker could exploit this vulnerability to cause control plane protocol relationships to fail.

CVE-2024-20398 CVSS:8.8

Cisco IOS XR Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper validation of user arguments that are passed to specific CLI commands. By entering specially crafted commands at the prompt, an authenticated attacker could exploit this vulnerability to gain elevated privileges to root.

Impact

  • Denial of Service
  • Information Disclosure
  • Privilege Escalation

Indicators of Compromise

CVE

  • CVE-2024-20406
  • CVE-2024-20489
  • CVE-2024-20381
  • CVE-2024-20317
  • CVE-2024-20398

Affected Vendors

Cisco

Affected Products

  • Cisco IOS XR Software
  • Cisco RV340 Dual WAN Gigabit VPN Routers
  • Cisco NCS 540-24Q8L2DD-SYS Router
  • Cisco NCS 540-24Z8Q2C-SYS Router
  • Cisco NCS 540-28Z4C-SYS-A Router
  • Cisco NCS 540-28Z4C-SYS-D Router
  • Cisco Crosswork NSO
  • Cisco Optical Site Manager

Remediation

Refer to the Cisco Security Advisories for patch, upgrade, or suggested workaround information:

  • CVE-2024-20406
  • CVE-2024-20489
  • CVE-2024-20381
  • CVE-2024-20317
  • CVE-2024-20398