Menu
Cisco, best known for its networking hardware and software lines, typically releases security advisories on a weekly basis. These advisories contain details of new vulnerabilities as well as instructions for obtaining product security updates. In this blog post, we summarise key details for all Cisco security fixes released in the last month, as well as highlight some of the most critical issues. The full list of advisories can be viewed in full via the Cisco Security Center website, at: https://sec.cloudapps.cisco.com/security/center/publicationListing.x.
The Cisco security advisories issued in October 2024 include high-priority fixes for critical Command Injection and Remote Command Execution (RCE) vulnerabilities in the company’s products. These vulnerabilities – in which an attacker can run malicious code on an organization’s computers or network – are some of the most nefarious vulnerabilities possible – and are often exploited by attackers to install malware, steal sensitive data, or perform ‘ransomware’ attacks in which a company’s data is held to ransom for substantial financial sums. Vulnerable products include the company’s Firepower Threat Defense (FTD) software, Secure Firewall Management Centre, Adaptive Security Appliance (ASA) and the Nexus Dashboard Fabric Controller – some of which we have featured in our ‘Known Exploited Vulnerability’ (KEV) roundups in blog posts earlier this month.
In addition, Cisco has published updates to existing security advisories for vulnerabilities in products including their Catalyst 9000 series of switches and ATA series of telephone adapter firmware.
The list of ‘Critical’ severity vulnerabilities below are those that Cisco have rated as 9.0 or higher out of 10 under the “CVSS” (Common Vulnerability) scoring system – although this is at the discretion of Cisco. These vulnerabilities typically represent a critical risk to organisations – being both trivial for attackers to exploit, as well as having the potential to have significant impact (harm) if successfully exploited. Critical vulnerabilities are crucial to patch, and remediation is time sensitive – these types of vulnerabilities often feature in our “Known Exploited Vulnerabilities” (KEV) roundups as undergoing active exploitation if a threat group develops working exploit code and begins to actively target organisations. The vulnerabilities flagged as Critical severity in Cisco products this month includes:
| Cisco Product | CVE ID | CVSS Score |
|---|---|---|
| Cisco Firepower Threat Defense (FTD) – Unsafe Use of Static Credentials | CVE-2024-20412 | 9.3 |
| Cisco Secure Firewall Management Center – Command Injection Vulnerability | CVE-2024-20424 | 9.9 |
| Cisco Adaptive Security Appliance (ASA) – Command Injection Vulnerability | CVE-2024-20329 | 9.9 |
| [Cisco Nexus Dashboard Fabric Controller – Arbitrary Command Execution (RCE) Vulnerability | CVE-2024-20432 | 9.9 |
The list of ‘high’ severity vulnerabilities below are those that Cisco have rated between 7.0 and 8.9 out of 10 under the “CVSS” (Common Vulnerability) scoring system. High-severity vulnerabilities are still important to prioritise for remediation, but they are rated as a slightly lower risk than ‘critical’ vulnerabilities. This may be because they are either harder for attackers to exploit (such as requiring local rather than network access to exploit) or else considered to have a typically lower impact on systems and services if they were to be exploited. The vulnerabilities regarded as ‘High’ in Cisco products this month include:
| Cisco Product | CVE ID | CVSS Score |
|---|---|---|
| Cisco ATA 190 Series – Firmware Vulnerabilities | CVE-2024-20420, CVE-2024-20421 |
8.5 |
| Cisco Firepower Threat Defense (FTD) – Uncontrolled Resource Consumption | CVE-2024-20351 | 8.6 |
| Cisco Firepower Threat Defense (FTD) – Buffer Over-Read | CVE-2024-20330 | 8.6 |
| Cisco Firepower Threat Defense (FTD) – NULL Pointer Dereference | CVE-2024-20339 | 8.6 |
| Cisco Adaptive Security Virtual Appliance (vASA) – Denial of Service (DoS) via Memory Exhaustion | CVE-2024-20260 | 8.6 |
| Cisco ASA and FTD – Buffer Over-Read | CVE-2024-20402 | 8.6 |
| Cisco ASA and FTD – Denial of Service (DoS) Vulnerability | CVE-2024-20268 | 7.7 |
| Cisco ASA and FTD – Code Injection Vulnerability | CVE-2024-20485 | 6.0 |
| Cisco ASA and FTD – NULL Pointer Dereference | CVE-2024-20426 | 8.6 |
| Cisco ASA and FTD – Denial of Service (DoS) Vulnerability | CVE-2024-20408 | 7.7 |
| Cisco ASA and FTD – Denial of Service (DoS) Vulnerability | CVE-2024-20495 | 8.6 |
| Cisco ASA and FTD – Denial of Service (DoS) Vulnerability | CVE-2024-20494 | 8.6 |
| Cisco Firepower Threat Defense (FTD) – Code Injection Vulnerability | CVE-2023-20063 | 8.2 |
| Cisco RV Series VPN Routers – Privilege Escalation and RCE Vulnerabilities | CVE-2024-20393, CVE-2024-20470 |
8.8 |
| Cisco Nexus Dashboard Fabric Controller – Remote Code Execution (RCE) Vulnerability | CVE-2024-20449 | 8.8 |
| Cisco Meraki MX and Z Series – Out-of-Bounds Write and ‘Double Free’ Memory Access Violations (DoS) | CVE-2024-20498, CVE-2024-20499 |
8.6 |
All our vulnerability entries above contain links to official remediation guidance from Cisco in the form of their published Security Advisories, as well as details of mitigations or workarounds that can be performed if immediate patching is not possible. Cisco release free software updates and customers within service contracts are entitles to regular software updates containing security fixes via update channels.
To help customers determine their exposure to vulnerabilities in Cisco ASA, FMC, and FTD Software, Cisco also provides the Cisco Software Checker tool, available at https://sec.cloudapps.cisco.com/security/center/softwarechecker.x, which can be used to check if a specific software release is vulnerable to a given vulnerability.
We also recommend scanning your entire estate using the AppCheck vulnerability scanner regularly – both server systems and networking infrastructure, as well as end-user machines running desktop operating systems – in order to detect known vulnerabilities in your technical estate. Contact your account manager now to enquire about license options for our ‘internal scan hubs’ solution or, if not already a customer, take our platform for a test drive today at https://appcheck-ng.com/.
The upcoming dates for the next four monthly Cisco roundups will be:
Add them to your calendar now!
Also keep an eye on our blog for coverage of other critical vulnerability updates including:
AppCheck is a software security vendor based in the UK, offering a leading security scanning platform that automates the discovery of security flaws within organisations websites, applications, network, and cloud infrastructure. AppCheck are authorized by the Common Vulnerabilities and Exposures (CVE) Program as a CVE Numbering Authority (CNA).
No software to download or install.
Contact us or call us 0113 887 8380
AppCheck is a software security vendor based in the UK, offering a leading security scanning platform that automates the discovery of security flaws within organisations websites, applications, network and cloud infrastructure. AppCheck are authorized by te Common Vulnerabilities and Exposures (CVE) Program aas a CVE Numbering Authority (CNA)
