Components Affected
Overview
Multiple vulnerabilities were identified in Cisco Products, where a remote attacker could exploit some of these vulnerabilities to trigger remote code execution and denial of service condition on the targeted system.
Description
The Vulnerabilities tracked by the CVE-2024-20353 and CVE-2024-20359 are being exploited in the wild. The vulnerability CVE-2024-20353 required users enabling SSL listen sockets on any TCP port to be exploited which impacts the denial of service vulnerability. Whereas the vulnerability tracked by CVE-2024-20359 required a user who have at least resource administrator role privilege to perform critical actions which could cause code execution vulnerability.
Impact
Solution/ Workarounds
Apply the following fixes provided by the vendor.
Reference
Disclaimer
The information provided herein is on an “as is” basis, without warranty of any kind.