Cisco Patches High-Severity Vulnerability Reported by NSA

August 22, 2024 at 08:45AM

Cisco announced patches for multiple vulnerabilities, including a high-severity bug in its collaboration solutions impacting SIP call processing. The bug can cause a denial-of-service condition, but patches are available for affected versions. Additionally, medium-severity bugs were found in Identity Services Engine, Unified CM, and Unified CM SME, with workarounds provided. Cisco is not aware of these vulnerabilities being exploited. More information is available on Cisco’s security advisories page.

The key points are:

1. Cisco has announced patches for multiple vulnerabilities across its products, including a high-severity bug in its enterprise collaboration solutions, tracked as CVE-2024-20375.

2. The high-severity issue impacts the SIP call processing function of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) and can be exploited remotely without authentication. The issue could lead to a denial-of-service (DoS) condition.

3. Workarounds for the bug are available, and patches are present in Unified CM and Unified CM SME versions 12.5(1)SU9, 14SU4, and 15SU1. The US National Security Agency (NSA) reported the bug, and Cisco is unaware of the bug being exploited in the wild.

4. There is an update on CVE-2024-6387, the OpenSSH vulnerability known as regreSSHion, with additional information on the released and planned fixes for Cisco products found to be vulnerable.

5. Cisco published four advisories detailing medium-severity bugs in Identity Services Engine (ISE), Unified CM, and Unified CM SME, including blind SQL injection, information disclosure, cross-site request forgery (CSRF), and cross-site scripting (XSS) vulnerabilities.

6. Cisco is not aware of the vulnerabilities being exploited in the wild. More information can be found on Cisco’s security advisories page.
