Cisco Products Remote Code Execution Vulnerability
A vulnerability has been identified in Cisco Products, a remote user can exploit this vulnerability to trigger elevation of privilege and remote code execution on the targeted system.
Note:
Proof of concept exploit for CVE-2024-6387 exists on the internet.
RISK: High Risk
TYPE: Operating Systems – Networks OS
Impact
- Remote Code Execution
System / Technologies affected
- Adaptive Security Appliance (ASA) Software
- Firepower 4100/9300 FXOS Firepower Chassis Manager
- Firepower Management Center (FMC) Software
- Firepower Threat Defense (FTD) Software
- Identity Services Engine (ISE)
- Secure Access Resource Connector
- Secure Email and Web Manager
- Secure Email Gateway
- Secure Network Analytics
- Common Services Platform Collector (CSPC)
- Crosswork Data Gateway
- Cyber Vision
- DNA Spaces Connector
- Evolved Programmable Network Manager (EPNM)
- Prime Collaboration Deployment
- Prime Infrastructure
- Smart PHY
- Smart Software Manager On-Prem
- Virtualized Infrastructure Manager
- 8000 Series Routers
- ASR 5000 Series Routers
- Catalyst ESS9300 Embedded Series Switches
- Catalyst IE3x00 Rugged Series Switches
- Catalyst IE9300 Rugged Series Switches
- Embedded Services 3300 Series Switches
- GGSN Gateway GPRS Support Node
- IOS XE Software with NETCONF enabled
- IOS XRd Control Plane
- IOS XRd vRouter
- IP Services Gateway (IPSG)
- MDS 9000 Series Multilayer Switches
- MME Mobility Management Entity
- Network Convergence System 540 Series Routers running NCS540L images
- Network Convergence System 1010
- Network Convergence System 1014
- Network Convergence System 5700 Fixed Chassis NCS-57B1, NCS-57C1, and NCS-57D2
- Nexus 3000 Series Switches
- Nexus 9000 Series Fabric Switches in ACI Mode
- Nexus 9000 Series Switches in standalone NX-OS mode
- PDSN/HA Packet Data Serving Node and Home Agent
- PGW Packet Data Network Gateway
- System Architecture Evolution (SAE) Gateway
- Ultra Cloud Core – Session Management Function
- Ultra Cloud Core – Subscriber Microservices Infrastructure
- Ultra Cloud Core 5G Policy Control Function
- Ultra Packet Core
- Intersight Virtual Appliance
- UCS C-Series Rack Servers and S-Series Storage Servers – Integrated Management Controller (CIMC)
- Desk Phone 9841
- Desk Phone 9851
- Emergency Responder
- Unified Communications Manager / Unified Communications Manager Session Management Edition
- Unified Communications Manager IM and Presence Service
- Unified Contact Center Express (Unified CCX)
- Unity Connection
- Video Phone 8875
- Board Series
- Cisco Meeting Server
- Desk Series
- Expressway Series
- Room Series
- TelePresence Video Communication Server (VCS)
- Webex Board
- Webex DX80
- 6300 Series Embedded Services Access Points
- Aironet 802.11ac Wave2 Access Points
- Aironet 1540 Series
- Aironet 1560 Series
- Catalyst 9100 Series Access Points
- Catalyst IW6300 Heavy Duty Series Access Points
- Catalyst IW9165 Heavy Duty Series
- Catalyst IW9165 Rugged Series
- Catalyst IW9167 Heavy Duty Series
- Connected Mobile Experiences
- IEC6400 Edge Compute Appliance
Solutions
Before installation of the software, please visit the vendor web-site for more details.
- Apply fixes issued by the vendor:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssh-rce-2024
Vulnerability Identifier
Source
Related Link
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.
