Trending

ee-track">
Link copied!

CERT-In Flags Two High-Risk Cisco Vulnerabilities Targeting Key Infrastructure

CERT-In has added two high-severity Cisco vulnerabilities (CVE-2024-20484 & CVE-2024-20536) to its catalog.

November 18, 2024 · 4 min read
CERT-In Flags Two High-Risk Cisco Vulnerabilities Targeting Key Infrastructure

Overview

The Indian Computer Emergency Response Team (CERT-In) has recently added two Cisco vulnerabilities to its catalog. Both vulnerabilities target Cisco products, with high severity ratings and potential for impacts on the confidentiality, integrity, and availability of affected systems. 

The first vulnerability, CVE-2024-20536, affects Cisco’s Nexus Dashboard Fabric Controller (NDFC), specifically versions 12.1.2 and 12.1.3. The flaw is found in the REST API endpoint and web-based management interface, and it could allow an authenticated, remote attacker with read-only privileges to execute arbitrary SQL commands on an affected device.

The vulnerability arises due to insufficient input validation. An attacker with read-only privileges could exploit this flaw by sending specially crafted requests to the affected device’s REST API or management interface, bypassing input validation and potentially modifying or deleting data in the internal database. Exploiting this vulnerability could lead to denial of service (DoS) conditions and a significant disruption of operations.

The severity of the vulnerability is classified as high. It affects Cisco NDFC versions 12.1.2 and 12.1.3, making these systems particularly vulnerable to exploitation. The potential impact includes data manipulation, which could allow attackers to alter sensitive information and service disruption, potentially leading to system downtime. Furthermore, there is a risk of data leakage, where unauthorized individuals may access and expose confidential data stored within the affected systems.

This vulnerability does not affect Cisco NDFC when it is configured as a Storage Area Network (SAN) controller. However, for organizations using the affected versions of Cisco NDFC, the potential risks are significant, especially in terms of data integrity and availability.

CVE-2024-20484: Denial of Service in Cisco Enterprise Chat and Email (ECE)

The second vulnerability, CVE-2024-20484, affects Cisco Enterprise Chat and Email (ECE) versions 12.6 and earlier, running the External Agent Assignment Service (EAAS). This vulnerability could allow unauthenticated, remote attackers to trigger a Denial of Service (DoS) condition, disrupting the availability of the ECE system.

The vulnerability lies in the way Cisco ECE handles Media Routing Peripheral Interface Manager (MR PIM) traffic. An attacker could exploit this flaw by sending specially crafted MR PIM traffic, causing a failure in the MR PIM connection between Cisco ECE and Cisco Unified Contact Centre Enterprise (CCE). This failure leads to a denial-of-service condition, rendering the ECE system inoperable.

This issue primarily affects organizations using Cisco ECE for enterprise communication. A successful attack could lead to widespread disruptions, affecting internal communications and customer service operations.

Cisco’s Broader Vulnerability Landscape: A Year of Increased Threats

While CVE-2024-20484 and CVE-2024-20536 are the latest additions to the catalog of known vulnerabilities, Cisco has had a series of high-severity vulnerabilities throughout the year. In addition to these new vulnerabilities, Cyble recently reported on a critical flaw in the Unified Industrial Wireless Software for Ultra-Reliable Wireless Backhaul (URWB), tracked as CVE-2024-20418. This vulnerability, with a CVSS score of 10.0 (the highest possible severity), allows attackers to gain root-level access to vulnerable Cisco devices.

Exploiting this flaw can enable unauthorized command execution on affected systems, making it one of the most dangerous vulnerabilities in Cisco’s product lineup this year. The CVE-2024-20418 vulnerability affects Cisco Catalyst Access Points operating in URWB mode, such as the Catalyst IW9165D, IW9165E, and IW9167E models. Attackers can exploit this flaw by sending specially crafted HTTP requests to the affected device, injecting commands with root privileges, and gaining control over the device. Exploiting this vulnerability could lead to compromises in industrial and high-stakes environments.

Moreover, Cyble sensors have previously detected cyberattacks targeting the “/+CSCOE+/logon.html” URL, which is linked to Cisco ASA’s WebVPN Login Page. Vulnerabilities like XSS, path traversal, and HTTP response splitting could allow attackers to execute code, steal data, or disrupt services.

Conclusion 

The disclosure of these Cisco vulnerabilities, like CVE-2024-20484 and CVE-2024-20536, stresses the growing risk of exploitation in critical infrastructure, particularly in widely used systems like Cisco products. As Cyble and other threat intelligence firms have noted, cybercriminals are increasingly targeting known vulnerabilities, employing tactics such as brute-force attacks and leveraging the dark web to spread exploits. 

With vulnerabilities continuing to be discovered and actively targeted, organizations must prioritize patch management, implement strong security measures, and conduct regular vulnerability assessments. By staying on guard and proactive in updating systems, segmenting networks, and monitoring suspicious activity, businesses can better defend against online threats. 

AI Threat Intelligence

Stop Executive Threats
Before They Strike

Monitor dark web chatter, detect lookalike domains, and protect your C-suite from targeted impersonation — in real time, across 50+ countries.

Scroll to Top

Book your session

Request a Personalized Demo

See how Cyble's threat intelligence protects your organization. A specialist will reach out within one business day.

Select one or more options

Cyble protects your personal data to manage your account and deliver requested content. Submit your details to receive updates. Withdraw consent anytime. See our privacy policy for details.

Your information is encrypted and never shared.
SOC 2 Type II GDPR compliant Trusted by 1,000+ teams

Download the brochure

Get the Cyble Vision Brochure

Explore how Cyble Vision delivers AI-powered threat intelligence across your attack surface. Fill in your details to access the brochure.

Select one or more options

Cyble protects your personal data to manage your account and deliver requested content. Submit your details to receive updates. Withdraw consent anytime. See our privacy policy for details.

Your information is encrypted and never shared.
SOC 2 Type II GDPR compliant Trusted by 1,000+ teams