Want relief keeping up with product patching, upgrades, and more? Learn how our Managed Services for law firms can help you.

CISCO IOS and IOS XE Software Vulnerabilities

March 2024

Please see CISCO IOS and IOS-XE software vulnerabilities below.

Identified Vulnerabilities

Product − Cisco IOS and IOS XE Software

Cisco IOS and IOS XE Software Internet Key Exchange Version 1 Fragmentation Denial of Service Vulnerabilities (CVE-2024-20307)
- Multiple vulnerabilities in the Internet Key Exchange version 1 (IKEv1) fragmentation feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap overflow or corruption on an affected system.
Cisco IOS and IOS XE Software IKEv1 Fragmentation Heap Underflow Denial of Service Vulnerability (CVE-2024-20308)
- A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap underflow, resulting in an affected device reloading.
Cisco IOS and IOS XE Software Locator ID Separation Protocol Denial of Service Vulnerability (CVE-2024-20311)
- A vulnerability in the Locator ID Separation Protocol (LISP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload.
Cisco IOS and IOS XE Software Intermediate System-to-Intermediate System Denial of Service Vulnerability (CVE-2024-20312)
- A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device.
Cisco IOS XE Software OSPFv2 Denial of Service Vulnerability (CVE-2024-20313)
- A vulnerability in the OSPF version 2 (OSPFv2) feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition.

Product: Cisco IOS XE Software

Cisco IOS XE Software DHCP Snooping with Endpoint Analytics Denial of Service Vulnerability (CVE-2024-20259)
- A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition.
Cisco IOS XE Software SD-Access Fabric Edge Node Denial of Service Vulnerability (CVE-2024-20314)
- A vulnerability in the IPv4 Software-Defined Access (SD-Access) fabric edge node feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause high CPU utilization and stop all traffic processing, resulting in a denial of service (DoS) condition on an affected device.
Cisco IOS Software for Catalyst 6000 Series Switches Denial of Service Vulnerability (CVE-2024-20276)
- A vulnerability in Cisco IOS Software for Cisco Catalyst 6000 Series Switches could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly.

Patch and Upgrade Available

Cisco has released free software updates that address the vulnerabilities described in this advisory. Customers with service contracts that entitle them to regular software updates should obtain security fixes through their Updates Channel.

Sources

https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75056

Contact Cornerstone.IT for assistance with this or any other technology or security needs.

Tagged CISCO iOS IOS XE

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

CISCO IOS and IOS XE Software Vulnerabilities

Identified Vulnerabilities

Product − Cisco IOS and IOS XE Software

Product: Cisco IOS XE Software

Patch and Upgrade Available

Sources

Services

Partners

Company

The Corner View

CISCO IOS and IOS XE Software Vulnerabilities

Google Chrome (Desktop) Multiple Security Vulnerabilities

Mozilla Firefox Desktop – Critical Security Vulnerabilities

Microsoft ODBC Driver Remote Code Execution Vulnerability (CVE-2024-26162)

VMWare ESXi 7.0 and 8.0 Multiple Vulnerabilities

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability (CVE-2024-26192)

Critical Connectwise ScreenConnect Vulnerabilities (CVE-2024-1709 & CVE-2024-1708)

More Posts →