GovCERT.HK - High Threat Security Alert (A24-07-13): Vulnerability in Cisco Products

Description:

Cisco released security advisories to address a remote code execution vulnerability (CVE-2024-6387) in Cisco devices and software. For information about the vulnerability and the attacking vectors, please refer to the corresponding security advisory at the vendor's website.

Reports indicated that the proof-of-concept (PoC) for the remote code execution vulnerability (CVE-2024-6387) is publicly available. Cisco has released security updates to address the issue. System administrators are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.

Affected Systems:

Cisco 6300 Series Embedded Services Access Points
Cisco 8000 Series Routers
Cisco Adaptive Security Appliance (ASA) Software
Cisco Aironet 1540 Series
Cisco Aironet 1560 Series
Cisco Aironet 802.11ac Wave2 Access Points
Cisco ASR 5000 Series Routers
Cisco Board Series
Cisco Catalyst 9100 Series Access Points
Cisco Catalyst ESS9300 Embedded Series Switches
Cisco Catalyst IE3x00 Rugged Series Switches
Cisco Catalyst IE9300 Rugged Series Switches
Cisco Catalyst IW6300 Heavy Duty Series Access Points
Cisco Catalyst IW9165 Heavy Duty Series
Cisco Catalyst IW9165 Rugged Series
Cisco Catalyst IW9167 Heavy Duty Series
Cisco Common Services Platform Collector (CSPC)
Cisco Connected Mobile Experiences
Cisco Crosswork Data Gateway
Cisco Cyber Vision
Cisco Desk Phone 9841
Cisco Desk Phone 9851
Cisco Desk Series
Cisco DNA Spaces Connector
Cisco Embedded Services 3300 Series Switches
Cisco Emergency Responder
Cisco Evolved Programmable Network Manager (EPNM)
Cisco Expressway Series
Cisco Firepower 4100/9300 FXOS Firepower Chassis Manager
Cisco Firepower Management Center (FMC) Software
Cisco Firepower Threat Defense (FTD) Software
Cisco GGSN Gateway GPRS Support Node
Cisco Identity Services Engine (ISE)
Cisco IEC6400 Edge Compute Appliance
Cisco Intersight Virtual Appliance
Cisco IOS XE Software with NETCONF enabled
Cisco IOS XRd Control Plane
Cisco IOS XRd vRouter
Cisco IP Services Gateway (IPSG)
Cisco MDS 9000 Series Multilayer Switches
Cisco Meeting Server
Cisco MME Mobility Management Entity
Cisco Network Convergence System 1010
Cisco Network Convergence System 1014
Cisco Network Convergence System 540 Series Routers running NCS540L images
Cisco Network Convergence System 5700 Fixed Chassis NCS-57B1, NCS-57C1, and NCS-57D2
Cisco Nexus 3000 Series Switches
Cisco Nexus 9000 Series Fabric Switches in ACI Mode
Cisco Nexus 9000 Series Switches in standalone NX-OS mode
Cisco PDSN/HA Packet Data Serving Node and Home Agent
Cisco PGW Packet Data Network Gateway
Cisco Prime Collaboration Deployment
Cisco Prime Infrastructure
Cisco Room Series
Cisco Secure Access Resource Connector
Cisco Secure Email and Web Manager
Cisco Secure Email Gateway
Cisco Secure Network Analytics
Cisco Smart PHY
Cisco Smart Software Manager On-Prem
Cisco System Architecture Evolution (SAE) Gateway
Cisco TelePresence Video Communication Server (VCS)
Cisco UCS C-Series Rack Servers and S-Series Storage Servers - Integrated Management Controller (CIMC)
Cisco UCS Director
Cisco Ultra Cloud Core - Session Management Function
Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure
Cisco Ultra Cloud Core 5G Policy Control Function
Cisco Ultra Packet Core
Cisco Unified Communications Manager
Cisco Unified Communications Manager IM and Presence Service
Cisco Unified Communications Manager Session Management Edition
Cisco Unified Contact Center Express (Unified CCX)
Cisco Unity Connection
Cisco Video Phone 8875
Cisco Virtualized Infrastructure Manager
Cisco Webex Board
Cisco Webex DX80

For detailed information of the affected systems, please refer to the section "Affected Products" of corresponding security advisory at vendor's website.

Impact:

Successful exploitation of the vulnerability could lead to remote code execution on an affected system.

Recommendation:

Patches for affected systems are now available. System administrators of affected systems should follow the recommendations provided by the vendor and take immediate actions to mitigate the risk. For detailed information of the available patches, please refer to the section "Fixed Software" of corresponding security advisory at vendor's website.

System administrators should contact their vendors for the fixes and assistance.

More Information:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssh-rce-2024
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6387

Tag: Cisco , Cisco Series ESAP , Cisco Series Routers , Cisco ASA Software , Cisco Aironet , Cisco ASR 5000 Series Routers , Cisco Board Series , Cisco Catalyst , Cisco CSPC , Cisco Connected Mobile Experiences , Cisco Crosswork Data Gateway , Cisco Cyber Vision , Cisco Desk Phone , Cisco Desk Series , Cisco DNA Spaces Connector , Cisco Embedded Services Switches , Cisco Emergency Responder , Cisco EPNM , Cisco Expressway Series , Cisco Firepower , Cisco GGSN Gateway GPRS Support Node , Cisco ISE , Cisco IEC6400 Edge Compute Appliance , Cisco Intersight Virtual Appliance , Cisco IOS , Cisco IPSG , Cisco MDS 9000 Series Multilayer Switches , Cisco Meeting Server , Cisco MME Mobility Management Entity , Cisco Network Convergence System , Cisco Nexus Series Switches , Cisco PGW Packet Data Network Gateway , Cisco Prime Collaboration Deployment , Cisco Prime Infrastructure , Cisco Room Series , Cisco Secure Access Resource Connector , Cisco Secure Email and Web Manager , Cisco Secure Email Gateway , Cisco Secure Network Analytics , Cisco Smart PHY , Cisco Smart Software Manager On-Prem , Cisco SAE Gateway , Cisco TelePresence VCS , Cisco UCS Manager , Cisco Ultra Cloud Core , Cisco Ultra Packet Core , Cisco Unified Communications Manager , Cisco Unity Connection , Cisco Video Phone , Cisco Virtualized Infrastructure Manager , Cisco Webex