Thursday 24th October 2024
Summary
Today and yesterday, Cisco published its latest security advisories, covering 3 critical vulnerabilities and 35 of lower severity.
The most severe advisories are as follows:
Cisco Firepower Threat Defense Software for Firepower 1000, 2100, 3100, and 4200 Series Static Credential Vulnerability – CVE-2024-20412 (CVSS v3: 9.3 [Critical]) – A vulnerability in Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000, 2100, 3100, and 4200 Series could allow an unauthenticated, local attacker to access an affected system using static credentials.
Cisco Secure Firewall Management Center Software Command Injection Vulnerability – CVE-2024-20424 (CVSS v3: 9.9 [Critical]) – A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system as root.
Cisco Adaptive Security Appliance Software SSH Remote Command Injection Vulnerability – CVE-2024-20329 (CVSS v3: 9.9 [Critical]) – A vulnerability in the SSH subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to execute operating system commands as root.
Recommendations
Spotit recommends deploying the latest software updates to affected products. Spotit NOC-managed devices will be updated by spotit.