Advisories address vulnerabilities in Cisco Nexus Dashboard, Meraki MX and Z Series Teleworker Gateway, and others

Threat ID:CC-4557

Threat Severity:Medium

Published:3 October 2024 3:52 PM

Summary

Affected platforms

The following platforms are known to be affected:

Cisco Nexus Dashboard

Fabric Controller
Orchestrator

Cisco Meraki

Cisco Meraki MX and Z Series products running a vulnerable release of Cisco Meraki MX firmware and have Cisco AnyConnect VPN enabled

The following platforms are also known to be affected:

Multiple other products are affected. Please see advisories below.

Threat details

Introduction

Cisco has released advisories covering multiple products including one critical impact advisory, three high, and ten medium. Some vulnerabilities that may affect organisations include:

CVE-2024-20432 affects Cisco Nexus Dashboard Fabric Controller and has a CVSSv3 score of 9.9. Exploitation could allow an authenticated, low-privileged, remote attacker to perform a command injection attack against an affected device.
CVE-2024-20393 affects Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers and has a CVSSv3 score of 8.8. Exploitation could allow an authenticated, remote attacker to elevate privileges on an affected device.
CVE-2024-20470 affects Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers and has a CVSSv3 score of 4.7. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow the attacker to execute arbitrary code (ACE) as the root user on the underlying operating system.
CVE-2024-20509 affects Cisco Meraki MX and Z Series Teleworker Gateway and has a CVSSv3 score of 5.8. Exploitation could allow an unauthenticated, remote attacker to hijack an AnyConnect VPN session or cause a denial-of-service (DoS) condition for individual users of the AnyConnect VPN service on an affected device.

Many more vulnerabilities are outlined in the advisories below.

Remediation advice

Affected organisations are encouraged to review the following Cisco Security Advisories for more information.

Remediation steps


Patch	Cisco Nexus Dashboard Fabric Controller Arbitrary Command Execution Vulnerability \| cisco-sa-ndfc-cmdinj-UvYZrKfr https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-cmdinj-UvYZrKfr
Patch	Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Privilege Escalation and Remote Command Execution Vulnerabilities \| cisco-sa-rv34x-privesc-rce-qE33TCms https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv34x-privesc-rce-qE33TCms
Patch	Cisco Nexus Dashboard Fabric Controller Remote Code Execution Vulnerability \| cisco-sa-ndfc-ptrce-BUSHLbp https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-ptrce-BUSHLbp
Patch	Cisco Meraki MX and Z Series Teleworker Gateway AnyConnect VPN Denial of Service Vulnerabilities \| cisco-sa-meraki-mx-vpn-dos-QTRHzG2 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-QTRHzG2
Patch	Cisco Small Business RV042, RV042G, RV320, and RV325 Routers Denial of Service and Remote Code Execution Vulnerabilities \| cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV
Patch	Cisco Nexus Dashboard Orchestrator SSL/TLS Certificate Validation Vulnerability \| cisco-sa-ndo-tlsvld-FdUF3cpw https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndo-tlsvld-FdUF3cpw
Patch	Cisco Nexus Dashboard and Nexus Dashboard Fabric Controller Unauthorized REST API Vulnerabilities \| cisco-sa-ndhs-uaapi-Jh4V6zpN https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndhs-uaapi-Jh4V6zpN
Patch	Cisco Nexus Dashboard Hosted Services Information Disclosure Vulnerabilities \| cisco-sa-ndhs-idv-Bk8VqEDc https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndhs-idv-Bk8VqEDc
Patch	Cisco Nexus Dashboard Fabric Controller REST API Command Injection Vulnerability \| cisco-sa-ndfc-raci-T46k3jnN https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-raci-T46k3jnN
Patch	Cisco Nexus Dashboard Fabric Controller Configuration Backup Information Disclosure Vulnerability \| cisco-sa-ndfc-cidv-XvyX2wLj https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-cidv-XvyX2wLj
Patch	Cisco Meraki MX and Z Series Teleworker Gateway AnyConnect VPN Session Takeover and Denial of Service Vulnerability \| cisco-sa-meraki-mx-vpn-dos-by-QWUkqV7X https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-by-QWUkqV7X
Patch	Cisco Identity Services Engine Information Disclosure Vulnerability \| cisco-sa-ise-info-disc-ZYF2nEEX https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-info-disc-ZYF2nEEX
Patch	Cisco Expressway Series Privilege Escalation Vulnerability \| cisco-sa-expw-escalation-3bkz77bD https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expw-escalation-3bkz77bD
Patch	Cisco UCS B-Series, Managed C-Series, and X-Series Servers Redfish API Command Injection Vulnerability \| cisco-sa-cimc-redfish-cominj-sbkv5ZZ https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-redfish-cominj-sbkv5ZZ

Definitive source of threat updates

https://sec.cloudapps.cisco.com/security/center/publicationListing.x

CVE Vulnerabilities

StatusPublished

CVE-2024-20432A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to perform a command injection attack against an affected device.   This vulnerability is due to improper user authorization and insufficient validation of command arguments. An attacker could exploit this vulnerability by submitting crafted commands to an affected REST API endpoint or through the web UI. A successful exploit could allow the attacker to execute arbitrary commands on the CLI of a Cisco NDFC-managed device with network-admin privileges.   Note: This vulnerability does not affect Cisco NDFC when it is configured for storage area network (SAN) controller deployment.

StatusPublished

CVE-2024-20393A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability exists because the web-based management interface discloses sensitive information. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow an attacker to elevate privileges from guest to admin.

StatusPublished

CVE-2024-20470A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. In order to exploit this vulnerability, the attacker must have valid admin credentials. This vulnerability exists because the web-based management interface does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system.

StatusPublished

CVE-2024-20509A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to hijack an AnyConnect VPN session or cause a denial of service (DoS) condition for individual users of the AnyConnect VPN service on an affected device. This vulnerability is due to weak entropy for handlers that are used during the VPN authentication process as well as a race condition that exists in the same process. An attacker could exploit this vulnerability by correctly guessing an authentication handler and then sending crafted HTTPS requests to an affected device. A successful exploit could allow the attacker to take over the AnyConnect VPN session from a target user or prevent the target user from establishing an AnyConnect VPN session with the affected device.

Last edited: 3 October 2024 3:52 pm