Cisco IOS Software for Cisco Catalyst 2960X, 2960XR, 2960CX, and 3560CX Series Switches Secure Boot Bypass Vulnerability

🚨 SEVERITY: MEDIUM — CVSS 6.8 Security Advisory

TL;DR 📌

A medium-severity vulnerability has been identified in Cisco IOS Software for Catalyst 2960X, 2960XR, 2960CX, and 3560CX Series Switches. This vulnerability allows an attacker to bypass secure boot protections, potentially executing arbitrary code at boot time. Cisco has released software updates to address this issue, and no workarounds are available.

What happened 🕵️‍♂️

A vulnerability in Cisco IOS Software affects Catalyst 2960X, 2960XR, 2960CX, and 3560CX Series Switches. This flaw allows an authenticated local attacker with privilege level 15 or an unauthenticated attacker with physical access to execute persistent code during the boot process, effectively breaking the device’s chain of trust. The vulnerability arises from missing signature verification for certain files loaded during boot. Cisco has raised the Security Impact Rating (SIR) from Medium to High due to the potential severity of this issue.

[]

Cisco IOS Software Industrial Ethernet Switch Device Manager Privilege Escalation Vulnerability

🚨 SEVERITY: HIGH — CVSS 8.3 Security Advisory

TL;DR 📌

A privilege escalation vulnerability has been identified in the Cisco IOS Software Industrial Ethernet Switch Device Manager. This issue could allow authenticated remote attackers to elevate their privileges. The vulnerability has a CVSS score of 8.3 (High severity). Cisco has released software updates to address this vulnerability, and there are no workarounds available.

What happened 🕵️‍♂️

A vulnerability in the Cisco Industrial Ethernet Switch Device Manager (DM) of Cisco IOS Software allows an authenticated remote attacker to elevate privileges due to insufficient validation of authorizations for authenticated users. By sending a crafted HTTP request to an affected device, an attacker with valid credentials for a user account with privilege level 5 or higher could exploit this vulnerability to gain privilege level 15.

[]

Cisco IOS XE Software Bootstrap Arbitrary File Write Vulnerability

🚨 SEVERITY: MEDIUM — CVSS 6.0 Security Advisory

TL;DR 📌

A medium severity vulnerability has been identified in the Cisco IOS XE Software Bootstrap that allows an authenticated local attacker to write arbitrary files to an affected system. Cisco has released software updates to address this issue, but no workarounds are available.

What happened 🕵️‍♂️

A vulnerability in the bootstrap loading of Cisco IOS XE Software could allow an authenticated, local attacker to write arbitrary files to an affected system. This issue arises from insufficient input validation of the bootstrap file used when a device is deployed in SD-WAN mode or configured for SD-Routing. An attacker could exploit this by modifying a bootstrap file generated by Cisco Catalyst SD-WAN Manager and loading it into the device flash, leading to potential arbitrary file writes to the operating system.

[]

Cisco IOS XE Software for Cisco ASR 903 Aggregation Services Routers ARP Denial of Service Vulnerability

🚨 SEVERITY: HIGH — CVSS 7.4 Security Advisory

TL;DR 📌

A high-severity vulnerability has been identified in Cisco IOS XE Software for ASR 903 Aggregation Services Routers, allowing unauthenticated adjacent attackers to trigger a denial of service (DoS) condition. Cisco has released software updates to address this issue, but there are no workarounds available.

What happened 🕵️‍♂️

A vulnerability in the Cisco Express Forwarding functionality of Cisco IOS XE Software for Cisco ASR 903 Aggregation Services Routers with Route Switch Processor 3 (RSP3C) could allow an unauthenticated adjacent attacker to exploit the system. This vulnerability arises from improper memory management when processing Address Resolution Protocol (ARP) messages. By sending crafted ARP messages at a high rate, an attacker could exhaust system resources, leading to a reload of the active route switch processor (RSP). If there is no redundant RSP, the router will reload.

[]

Cisco IOS XE Wireless Controller Software Cisco Discovery Protocol Denial of Service Vulnerability

🚨 SEVERITY: HIGH — CVSS 7.4 Security Advisory

TL;DR 📌

A high-severity vulnerability has been identified in Cisco IOS XE Wireless Controller Software, allowing unauthenticated adjacent attackers to cause a denial of service (DoS) condition. Cisco has released software updates to address this issue, and there are no workarounds available.

What happened 🕵️‍♂️

A vulnerability in the Cisco IOS XE Wireless Controller Software could enable an unauthenticated, adjacent attacker to exploit insufficient input validation of Cisco Discovery Protocol (CDP) neighbor reports. By sending a crafted CDP packet to an affected access point (AP), an attacker could trigger an unexpected reload of the wireless controller managing the AP, resulting in a DoS condition that disrupts the wireless network.

[]

Cisco IOS XE Wireless Controller Software Unauthorized User Deletion Vulnerability

🚨 SEVERITY: MEDIUM — CVSS 6.5 Security Advisory

TL;DR 📌

A vulnerability in the Cisco IOS XE Wireless Controller Software allows authenticated remote attackers to delete user accounts, including those with administrative privileges. This issue arises from insufficient access control in the lobby ambassador web interface. No workarounds are available, but Cisco has released software updates to address the vulnerability.

What happened 🕵️‍♂️

Cisco has identified a vulnerability in the lobby ambassador web interface of its IOS XE Wireless Controller Software. This flaw enables authenticated attackers to remove arbitrary user accounts from affected devices by exploiting insufficient access control. The vulnerability can only be exploited if the attacker has obtained credentials for a lobby ambassador account, which is not configured by default.

[]

Cisco Meraki MX and Z Series Teleworker Gateway AnyConnect VPN Denial of Service Vulnerabilities

🚨 SEVERITY: HIGH — CVSS 8.6 Security Advisory

TL;DR 📌

Cisco Meraki MX and Z Series Teleworker Gateway devices are affected by multiple denial of service (DoS) vulnerabilities in the AnyConnect VPN server. These vulnerabilities could allow an unauthenticated attacker to disrupt VPN services. Cisco has released software updates to address these issues, and there are no workarounds available.

What happened 🕵️‍♂️

Multiple vulnerabilities have been identified in the Cisco AnyConnect VPN server of Cisco Meraki MX and Z Series Teleworker Gateway devices. An unauthenticated, remote attacker could exploit these vulnerabilities to cause a denial of service (DoS) condition, resulting in the failure of established SSL VPN connections and preventing new connections from being established.

[]

Cisco Meraki MX and Z Series Teleworker Gateway AnyConnect VPN Session Takeover and Denial of Service Vulnerability

🚨 SEVERITY: MEDIUM — CVSS 5.8 Security Advisory

TL;DR 📌

A vulnerability has been identified in the Cisco AnyConnect VPN server of Cisco Meraki MX and Z Series Teleworker Gateway devices. This flaw could allow an unauthenticated remote attacker to hijack VPN sessions or cause denial of service (DoS) conditions for users. Cisco has released software updates to address this issue, and no workarounds are available.

What happened 🕵️‍♂️

A vulnerability in the Cisco AnyConnect VPN server could enable an unauthenticated remote attacker to hijack an AnyConnect VPN session or induce a denial of service (DoS) condition for users of the service. This vulnerability stems from weak entropy during the VPN authentication process and a race condition within the same process. Attackers can exploit this flaw by guessing an authentication handler and sending crafted HTTPS requests to the affected device.

[]

Cisco Nexus Dashboard Fabric Controller SSH Host Key Validation Vulnerability

🚨 SEVERITY: HIGH — CVSS 8.7 Security Advisory

TL;DR 📌

A high-severity vulnerability has been identified in the SSH implementation of Cisco Nexus Dashboard Fabric Controller (NDFC), allowing unauthenticated remote attackers to impersonate managed devices due to insufficient SSH host key validation. Cisco has released software updates to address this issue, with no workarounds available.

What happened 🕵️‍♂️

A vulnerability in the SSH implementation of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to impersonate Cisco NDFC-managed devices. This vulnerability arises from insufficient SSH host key validation, enabling attackers to perform machine-in-the-middle attacks on SSH connections. A successful exploit could lead to traffic interception and user credential capture.

[]

Cisco Secure Network Analytics Manager API Authorization Vulnerability

🚨 SEVERITY: MEDIUM — CVSS 6.5 Security Advisory

TL;DR 📌

A medium-severity vulnerability has been identified in the Cisco Secure Network Analytics Manager API, which could allow authenticated low-privileged users to generate fraudulent findings. Cisco has released updates to address this issue, but no workarounds are available.

What happened 🕵️‍♂️

A vulnerability in the API subsystem of Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager could allow an authenticated, remote attacker with low privileges to create fraudulent findings. This vulnerability arises from insufficient authorization enforcement on a specific API. An attacker could exploit this by authenticating as a low-privileged user and making crafted API calls, potentially obfuscating legitimate findings in analytics reports or generating false alarms and alerts.

[]