April 5, 2024 at 11:54AM
Cisco issued a warning about a cross-site scripting (XSS) vulnerability in end-of-life RV series small business routers, impacting discontinued models RV016, RV042, RV042G, RV082, RV320, and RV325. The flaw, CVE-2024-20362, is remotely exploitable and lacks a workaround. Cisco also announced other vulnerability patches, including a high-severity defect in Nexus Dashboard Fabric Controller (NDFC).
Meeting Takeaways:
1. Cisco issued a warning regarding a cross-site scripting (XSS) vulnerability in end-of-life (EoL) RV series small business routers, impacting models RV016, RV042, RV042G, RV082, RV320, and RV325. The vulnerability, tracked as CVE-2024-20362, is remotely exploitable without authentication, and there are no workarounds for the bug. Users are advised to migrate to a supported product because the discontinued routers no longer receive security patches.
2. Cisco also announced patches for other vulnerabilities across its product portfolio, including a high-severity defect in Nexus Dashboard Fabric Controller (NDFC) (CVE-2024-20348) and several medium-severity bugs in TelePresence Management Suite, Nexus Dashboard, Nexus Dashboard Orchestrator, Identity Services Engine (ISE), Enterprise Chat and Email, Unified Communications Manager IM & Presence Service, and Emergency Responder. The company is not aware of these bugs being exploited in attacks. More information is available on Cisco’s security advisories page.
3. It was noted that discontinued Cisco networking devices have been known to be exploited in attacks. Therefore, users are urged to stay updated with patches and migrate to supported products to mitigate potential security risks.