CERT-FR has issued an advisory on multiple vulnerabilities discovered in Cisco products. They expose users to remote arbitrary code execution, remote denial of service, security policy bypass, and potential compromise of data confidentiality.
Summary of Vulnerabilities:
- Vulnerabilities affect various Cisco products, including Cisco Catalyst SD-WAN Manager, Cisco IOS, IOS XE, and Cisco DNA Center.
- Potential risks include remote arbitrary code execution, remote denial of service, and the ability to bypass security policies.
- Affected systems are Cisco Catalyst SD-WAN Manager (prior to version 20.12.1), Cisco IOS and IOS XE without the latest security patches, and Cisco DNA Center (prior to version 2.3.5.4 and versions 2.3.6.x before 2.3.7.0).
Solution: Refer to the vendor’s security bulletin to obtain the necessary patches. Detailed information can be found on the vendor’s security advisory page.
References:
- CVE-2023-20034
- CVE-2023-20252
- CVE-2023-20253
- CVE-2023-20254
- CVE-2023-20262
- CVE-2023-20186
- CVE-2023-20226
- CVE-2023-20033
- CVE-2023-20223
- CVE-2023-20227
- CVE-2023-20187
- CVE-2023-20231