Cisco Security Advisories
Cisco Access Point Software Uncontrolled Resource Consumption Vulnerability
A vulnerability in the packet processing functionality of Cisco access point (AP) software could allow an unauthenticated, adjacent attacker to exhaust resources on an affected device. <br><br>
This vulnerability is due to insufficient management of resources when handling certain types of traffic. An attacker could exploit this vulnerability by sending a series of specific wireless packets to an affected device. A successful exploit could allow the attacker to consume resources on an affected device. A sustained attack could lead to the disruption of the Control and Provisioning of Wireless Access Points (CAPWAP) tunnel and intermittent loss of wireless client traffic.<br><br>
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br><br>
This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-dos-capwap-DDMCZS4m">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-dos-capwap-DDMCZS4m</a><br><br>
<br/>Security Impact Rating: Medium
<br/>CVE: CVE-2023-20268
Categories: Cisco
Cisco NX-OS Software Image Verification Bypass Vulnerability
<span class="mce-annotation tox-comment" data-mce-annotation-uid="CONV-0015061" data-mce-annotation="tinycomments">A </span>vulnerability in the bootloader of Cisco NX-OS Software could allow an unauthenticated <span class="mce-annotation tox-comment" data-mce-annotation-uid="CONV-0015076" data-mce-annotation="tinycomments">attacker</span> with physical access to an affected device, <span class="mce-annotation tox-comment" data-mce-annotation-uid="CONV-0015026" data-mce-annotation="tinycomments">or an authenticated, local attacker with administrative credentials, </span>to bypass <span class="mce-annotation tox-comment" data-mce-annotation-uid="CONV-0015022" data-mce-annotation="tinycomments">NX-OS</span> image <span class="mce-annotation tox-comment" data-mce-annotation-uid="CONV-0015077" data-mce-annotation="tinycomments">signature verification</span><span class="mce-annotation tox-comment" data-mce-annotation-uid="CONV-0015024" data-mce-annotation="tinycomments">.</span><br><br>
This vulnerability is due to <span class="mce-annotation tox-comment" data-mce-annotation-uid="CONV-0015025" data-mce-annotation="tinycomments">insecure bootloader settings</span>. <span class="mce-annotation tox-comment" data-mce-annotation-uid="CONV-0015026" data-mce-annotation="tinycomments">An attacker could exploit this vulnerability by executing a series of bootloader commands.</span> A successful exploit could allow the attacker to bypass <span class="mce-annotation tox-comment" data-mce-annotation-uid="CONV-0015023" data-mce-annotation="tinycomments">NX-OS</span> <span class="mce-annotation tox-comment tox-comment--active" data-mce-annotation-uid="CONV-0015028" data-mce-annotation="tinycomments">image signature verification</span> and load<span class="mce-annotation tox-comment" data-mce-annotation-uid="CONV-0015036" data-mce-annotation="tinycomments"> unverified software</span>.<br><br>
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br><br>
This advisory is available at the following link:<br><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-image-sig-bypas-pQDRQvjL" target="_blank" rel="noopener">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-image-sig-bypas-pQDRQvjL</a><br><br>
<br/>Security Impact Rating: High
<br/>CVE: CVE-2024-20397
Categories: Cisco
Cisco Adaptive Security Appliance WebVPN Login Page Cross-Site Scripting Vulnerability
A vulnerability in the WebVPN login page of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of WebVPN on the Cisco ASA.<br><br>The vulnerability is due to insufficient input validation of a parameter. An attacker could exploit this vulnerability by convincing a user to access a malicious link.<br><br>
<br/>Security Impact Rating: Medium
<br/>CVE: CVE-2014-2120
Categories: Cisco