Cisco: Updates close security gaps in several products
There are security gaps in several Cisco products that could allow attackers to gain root rights and compromise devices.
Vulnerabilities threaten Cisco devices.
(Image: Bild erstellt mit KI in Bing Designer durch heise online / dmk)
Cisco has released updates for several products. They close security gaps that could allow attackers to extend their rights or even compromise devices. IT managers should download and install the updates as soon as possible.
In total, Cisco warns of three high-risk security vulnerabilities. Two concern Cisco Crosswork Network Services Orchestrator (NSO). Due to several vulnerabilities in the command line interface, logged-in attackers with low privileges can read and write arbitrary files as root users or escalate their privileges to root in the underlying operating system (CVE-2024-20326, CVE-2024-20389, both CVSS 7.8, risk"high"). The same CVE entries also affect the ConfD command line.
Three high-risk vulnerabilities
Attackers can also abuse a vulnerability in the Tail-f High Availability Cluster Communications (HCC) function pack of the NSO, which opens up user-controllable search paths. It allows the execution of malicious files as root user. Attackers only need valid credentials (CVE-2024-20366, CVSS 7.8, high).
Cisco only classifies the other security vulnerabilities as a medium threat level. Nevertheless, admins should also install the available updates quickly to reduce the attack surface.
In the individual security notes, Cisco engineers explain whether and which temporary workaround measures can be taken. They also provide links to where the updated software can be downloaded. The list of Cisco security notices, sorted by threat level:
- Cisco Crosswork Network Services Orchestrator Vulnerabilities, CVSS 7.8, Risk High
- Cisco Crosswork Network Services Orchestrator Privilege Escalation Vulnerability, CVSS 7 .8, high
- ConfD CLI Privilege Escalation and Arbitrary File Read and Write Vulnerabilities, CVSS 7 .8, high
- Cisco Secure Client for Windows with Network Access Manager Module Privilege Escalation Vulnerability, CVSS 6.8, medium
- Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance Cross-Site Scripting Vulnerabilities, CVSS 6.1, medium
- Cisco Secure Email Gateway HTTP Response Splitting Vulnerability, CVSS 6 .1, medium
- Cisco AppDynamics Network Visibility Service Denial of Service Vulnerability, CVSS 5.5, medium
- Cisco Crosswork Network Services Orchestrator Open Redirect Vulnerability, CVSS 4.7, medium
Around two weeks ago, Cisco sealed security gaps in IP phones. The 6800, 7800 and 8800 series could be spied on without the updates.
(dmk)