Critical Vulnerabilities in Cisco IOS, IOS XE and Other Products Addressed – Patch Now – Malware News

Cisco, a leading provider of networking technologies, has released new security advisories addressing 16 vulnerabilities affecting key products including Cisco IOS, IOS XE, and Catalyst SD-WAN Routers.

The advisories, released on September 25, 2024, detail nine high-severity vulnerabilities, including vulnerabilities that could lead to denial-of-service (DoS) attacks or privilege escalation, in addition to other risks that could enable further malicious activity on compromised networks.

Cisco IOS, IOS XE and more impacted by DoS, Privilege Escalation, CSRF vulnerabilities (CVE-2024-20381, CVE-2024-20467, …)

Cisco recently addressed a number of high-severity vulnerabilities affecting several of its core products, including Cisco IOS XE, Catalyst SD-WAN Routers and other key networking technologies. Below we describe the cause and impact of these vulnerabilities, as well as the individual products that are affected:

CVE-2024-20381 (CVSS 8.8) – Privilege Escalation Vulnerability in Multiple Cisco Products

A critical flaw in the JSON-RPC API of Cisco Crosswork Network Services Orchestrator (NSO), Optical Site Manager, and RV340 Dual WAN Gigabit VPN Routers could allow a remote attacker who already holds privileges to modify application configurations. Exploitation of this vulnerability could lead to unauthorized user account creation or privilege escalation, potentially compromising the integrity of the system.

This issue also affects ConfD when the JSON-RPC API is enabled.

Details of CVE-2024-20381 (SOCRadar Vulnerability Intelligence)

CVE-2024-20467 (CVSS 8.6) – DoS Vulnerability in Cisco IOS XE IPv4 Fragmentation

In Cisco IOS XE, improper resource management in the IPv4 fragmentation reassembly code can lead to a denial-of-service (DoS) attack. An attacker can send fragmented packets to trigger a system reload, thereby disrupting services. Affected devices include the Cisco ASR 1000 series and Cisco cBR-8 routers running specific versions of IOS XE (17.12.1 or 17.12.1a).

Details of CVE-2024-20467 (SOCRadar Vulnerability Intelligence)

CVE-2024-20436 (CVSS 8.6) – DoS Vulnerability in Cisco IOS XE HTTP Server Telephony Services

A vulnerability in the HTTP Server feature in Cisco IOS XE, in conjunction with the Telephony Service feature, could allow an attacker to cause a device to reload, leading to a DoS condition. This issue is caused by a null pointer dereference triggered by malicious HTTP requests.

CVE-2024-20480 (CVSS 8.6) – DoS Vulnerability in Cisco IOS XE SD-Access Fabric Edge Node

The DHCP Snooping feature of Cisco IOS XE on Software-Defined Access (SD-Access) fabric edge nodes can be abused by sending specific DHCP packets, resulting in high CPU utilization and causing a DoS condition. Recovery requires a manual reload, disrupting network traffic.

CVE-2024-20464 (CVSS 8.6) – DoS Vulnerability in Cisco IOS XE PIM

In the Protocol Independent Multicast (PIM) feature of Cisco IOS XE, insufficient validation of IPv4 PIMv2 packets could allow attackers to reload affected devices, triggering a DoS condition. Devices running vulnerable releases with PIM enabled are at risk, although IPv6 PIM is not affected by this vulnerability.

CVE-2024-20433 (CVSS 8.6) – DoS Vulnerability in Cisco IOS & IOS XE Resource Reservation Protocol

Cisco IOS and IOS XE Software are vulnerable due to a buffer overflow in the Resource Reservation Protocol (RSVP) feature. Malicious RSVP traffic can cause a system reload, resulting in a DoS attack. Only devices with RSVP enabled are affected.

CVE-2024-20455 (CVSS 8.6) – DoS Vulnerability in Cisco Catalyst SD-WAN Routers

A vulnerability in the Unified Threat Defense (UTD) traffic classification of Cisco IOS XE Software for SD-WAN IPsec tunnels could allow attackers to trigger a DoS condition by sending crafted packets. Only devices with UTD installed and enabled are vulnerable, but devices using Generic Routing Encapsulation (GRE) tunnels are not affected.
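The descriptions above attach explicit preconditions to several of these bugs (specific IOS XE releases and platforms for CVE-2024-20467, IPv4 PIM enabled for CVE-2024-20464, RSVP enabled for CVE-2024-20433, UTD on SD-WAN IPsec rather than GRE tunnels for CVE-2024-20455). The following inventory triage script is an added example, not code from the article or from Cisco: it encodes only the conditions as stated on this page, so the Cisco advisories remain the authoritative affected-product lists. The device records, hostnames, platform names other than ASR 1000 and cBR-8, versions other than 17.12.1/17.12.1a, and the feature tags are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class Device:
    hostname: str
    os: str                 # "IOS" or "IOS XE"
    version: str
    platform: str
    features: set = field(default_factory=set)  # enabled features (constructed tags)
    sdwan_tunnel: str = ""  # "ipsec", "gre" or "" when not an SD-WAN router

def applicable_cves(d: Device) -> list:
    """Apply the affected-conditions stated in the article to one device."""
    hits = []
    # CVE-2024-20467: IPv4 fragmentation reassembly DoS on ASR 1000 / cBR-8
    # running IOS XE 17.12.1 or 17.12.1a (the releases named in the article).
    if (d.os == "IOS XE" and d.version in {"17.12.1", "17.12.1a"}
            and d.platform in {"ASR 1000", "cBR-8"}):
        hits.append("CVE-2024-20467")
    # CVE-2024-20464: IPv4 PIMv2 DoS; IPv6 PIM is stated as not affected.
    if d.os == "IOS XE" and "pim-ipv4" in d.features:
        hits.append("CVE-2024-20464")
    # CVE-2024-20433: RSVP buffer overflow in IOS and IOS XE, RSVP enabled only.
    if d.os in {"IOS", "IOS XE"} and "rsvp" in d.features:
        hits.append("CVE-2024-20433")
    # CVE-2024-20455: UTD classification on SD-WAN IPsec tunnels; GRE not affected.
    if d.os == "IOS XE" and "utd" in d.features and d.sdwan_tunnel == "ipsec":
        hits.append("CVE-2024-20455")
    return hits

def triage(devices: list) -> dict:
    """Map hostname -> applicable CVEs, listing only devices with at least one."""
    report = {}
    for d in devices:
        cves = applicable_cves(d)
        if cves:
            report[d.hostname] = cves
    return report

# Constructed sample inventory; hostnames, most versions and feature tags are made up.
INVENTORY = [
    Device("edge-asr1", "IOS XE", "17.12.1a", "ASR 1000", {"pim-ipv4", "rsvp"}),
    Device("cbr8-hub", "IOS XE", "17.9.4", "cBR-8", {"pim-ipv6"}),
    Device("sdwan-gre", "IOS XE", "17.12.1", "ISR 4000", {"utd"}, "gre"),
    Device("sdwan-ipsec", "IOS XE", "17.12.1", "ISR 4000", {"utd"}, "ipsec"),
    Device("legacy-ios", "IOS", "15.9(3)M", "ISR G2", {"rsvp"}),
]
if __name__ == "__main__":
    for host, cves in triage(INVENTORY).items():
        print(f"{host}: patch for {', '.join(cves)}")
```

Devices with a matching release but a platform not named on the page, or with UTD over GRE tunnels, correctly produce no hit, which is the kind of false-positive filtering that keeps a patch queue focused.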

In addition, the vulnerabilities with the lowest score in the high severity category are as follows:

  • CVE-2024-20437 (CVSS 8.1): A Cross-Site Request Forgery (CSRF) vulnerability in the web-based management interface of Cisco IOS XE.
  • CVE-2024-20350 (CVSS 7.5): A vulnerability in the Cisco Catalyst Center SSH server that could allow impersonation via a Machine-in-the-Middle attack.

SOCRadar’s Vulnerability Intelligence module provides detailed updates on the latest CVEs, including exploit availability and mentions. With comprehensive insights, your security team can prioritize patching and proactively defend against potential exploits before they impact your systems.

Gain insight into vulnerabilities with SOCRadar's Vulnerability Intelligence

Additional vulnerabilities in Cisco products

Although the preceding vulnerabilities are rated high severity, the remaining vulnerabilities in the update with a medium severity rating still pose significant risks to several Cisco products:

  • CVE-2024-20434: Denial of Service vulnerability in Cisco Catalyst 9000 Series switches, which could lead to device crashes.
  • CVE-2024-20508: Security Policy Bypass and DoS Vulnerability in Cisco Unified Threat Defense Snort Intrusion Prevention System Engine for Cisco IOS XE Software.
  • CVE-2024-20475: Cross-Site Scripting vulnerability in Cisco Catalyst SD-WAN Manager that could allow malicious code injection.
  • CVE-2024-20496: UDP packet validation flaw in Cisco SD-WAN vEdge software, which could lead to DoS attacks.
  • CVE-2024-20465: Vulnerability in the Access Control List (ACL) in Cisco IOS software on Cisco Industrial Ethernet Series switches.
  • CVE-2024-20414: Cross-Site Request Forgery (CSRF) vulnerability in the Web UI of Cisco IOS and IOS XE Software.
  • CVE-2024-20510: ACL bypass vulnerability in Cisco IOS XE Software for Wireless Controllers during CWA pre-authentication.

Apply the patches for the latest Cisco vulnerabilities

The vulnerabilities discussed in this article, from Denial of Service (DoS) to Privilege Escalation, pose a significant risk to organizations using affected Cisco products.

As history has shown, delayed patching can have serious consequences. For example, in 2023 APT28 exploited an old vulnerability, CVE-2017-6742 (CVSS: 8.8) in Cisco IOS and IOS XE, to deploy the Jaguar Tooth malware on routers.

Details and latest activity on CVE-2017-6742 shown in SOCRadar's Vulnerability Intelligence module

Given the critical nature of the current vulnerabilities, it is important to patch them in a timely manner to prevent potential exploitation.

For more information about the vulnerabilities and Cisco’s recommended mitigations, please refer to the official security advisories. It’s also important to note that most of these vulnerabilities are part of Cisco’s September 2024 IOS and IOS XE Security Advisory Bundled Publication, which you can refer to for a more focused approach to vulnerabilities in these products.

Protect your digital assets with SOCRadar’s Attack Surface Management Module

SOCRadar’s Attack Surface Management (ASM) provides real-time monitoring of your organization’s digital assets. By identifying software vulnerabilities, exposed sensitive data, and shadow IT, ASM provides the insights needed to address risks before they’re exploited.

Stay ahead of evolving cyber risks with dynamic, automated detection and protection from SOCRadar’s industry-leading ASM solution.

SOCRadar’s advanced monitoring gives your security team continuous visibility into your attack surface and the ability to take proactive measures to mitigate threats.

Article link: https://socradar.io/severe-vulnerabilities-in-cisco-ios-ios-xe-addressed/