[CVSS 9+] Urgent Security Advisories for Cisco Products

Executive Summary

On September 27, 2023, Cisco issued security fixes for Catalyst SD-WAN Manager, IOS Software, IOS XE Software, and DNA Center. The updates include fixes for one critical vulnerability, as well as several high- and medium-severity vulnerabilities.

Please note that CISA has also issued an alert regarding these vulnerabilities in Cisco products.

Organizations using impacted Cisco products are advised to review Cisco’s security advisories and promptly take the necessary actions to fix the vulnerabilities.

Critical and High Vulnerabilities

Vulnerabilities in Catalyst SD-WAN Manager:

  • CVE-2023-20252: Unauthorized Access Vulnerability with a CVSS score of 9.8.
  • CVE-2023-20253: Unauthorized Configuration Rollback Vulnerability with a CVSS score of 8.4.
  • CVE-2023-20034: Information Disclosure Vulnerability with a CVSS score of 7.5.
  • CVE-2023-20254: Authorization Bypass Vulnerability with a CVSS score of 7.2.
  • CVE-2023-20262: Denial-of-Service Vulnerability with a CVSS score of 5.3.

For detailed information about these vulnerabilities and available fixes, please visit Cisco’s related security advisory.


Vulnerabilities in IOS Software and IOS XE Software:

  • CVE-2023-20231: Command Injection Vulnerability with a CVSS score of 8.8.
  • CVE-2023-20033: Denial-of-Service Vulnerability with a CVSS score of 8.6.
  • CVE-2023-20187: Denial-of-Service Vulnerability with a CVSS score of 8.6.
  • CVE-2023-20226: Denial-of-Service Vulnerability with a CVSS score of 8.6.
  • CVE-2023-20227: Denial-of-Service Vulnerability with a CVSS score of 8.6.
  • CVE-2023-20186: Command Authorization Bypass Vulnerability with a CVSS score of 8.0.
  • CVE-2023-20109: Medium-severity vulnerability with a CVSS score of 6.6.
    • This flaw could allow an authenticated remote attacker to execute arbitrary code on affected systems or cause them to crash.
    • Cisco has observed attempted exploitation of this vulnerability in its IOS Software and IOS XE Software.

For the full list of Cisco’s security updates, you can visit Cisco’s security advisories.


Vulnerability in DNA Center:

  • CVE-2023-20223: Insufficient Access Control Vulnerability with a CVSS score of 8.6.

For the full list of Cisco’s security updates, you can visit Cisco’s security advisories.

Takeaways

Customers should diligently review Cisco’s security advisories for comprehensive details and promptly take necessary actions to remediate the vulnerabilities.

Cubic Lighthouse is a cybersecurity publication dedicated to demystifying security, making news actionable, providing deeper thinking about the fundamentals of security, and providing decision-makers and the community at large with the right information to make the right decisions. We will also feature more technical articles and provide personal/family security advice.

©2024 Cubic Consulting, a Smart Security Company for your Business – All Rights Reserved.