❌

Normal view

There are new articles available, click to refresh the page.
Today β€” 28 March 2024Security News

Cisco addressed high-severity flaws in IOS and IOS XE software

28 March 2024 at 18:49

Cisco addressed multiple vulnerabilities in IOS and IOS XE software that can be exploited to trigger a denial-of-service (DoS) condition.

Cisco this week released patches to address multiple IOS and IOS XE software vulnerabilities. An unauthenticated attacker can exploit several issues fixed by the IT giant to cause a denial-of-service (DoS) condition.

Below are the most severe issues addressed by the company:

CVE-2024-20311 (CVSS score 8.6) – A vulnerability in the Locator ID Separation Protocol (LISP) feature of Cisco IOS Software and Cisco IOS XE Software. An unauthenticated, remote attacker can trigger the flaw to cause an affected device to reload.

CVE-2024-20314 (CVSS score 8.6) – A vulnerability in the IPv4 Software-Defined Access (SD-Access) fabric edge node feature of Cisco IOS XE Software. An unauthenticated, remote attacker can trigger the flaw to cause high CPU utilization and stop all traffic processing, resulting in a denial of service (DoS) condition on an affected device.

CVE-2024-20307 – CVE-2024-20308 (CVSS score 8.6) – Multiple vulnerabilities in the Internet Key Exchange version 1 (IKEv1) fragmentation feature of Cisco IOS Software and Cisco IOS XE Software. An attacker could allow an unauthenticated, remote attacker to cause a heap overflow or corruption on an affected system.

CVE-2024-20259 (CVSS score 8.6) – A vulnerability in the DHCP snooping feature of Cisco IOS XE Software. An unauthenticated, remote attacker can trigger the flaw to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition.

CVE-2024-20303 (CVSS score 7.4) – A vulnerability in the multicast DNS (mDNS) gateway feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs). An unauthenticated, adjacent attacker can trigger the flaw to cause a denial of service (DoS) condition.

The company also addressed other high and medium-severity vulnerabilities in Cisco Access Point Software, Cisco Catalyst Center, and Cisco Aironet Access Point Software.

Follow me on Twitter:Β @securityaffairsΒ andΒ FacebookΒ andΒ Mastodon

PierluigiΒ Paganini

(SecurityAffairs – hacking,Β Cisco)

Linux Version of DinodasRAT Spotted in Cyber Attacks Across Several Countries

By: Newsroom
28 March 2024 at 17:02
A Linux version of a multi-platform backdoor calledΒ DinodasRATΒ has been detected in the wild targeting China, Taiwan, Turkey, and Uzbekistan,Β new findingsΒ from Kaspersky reveal. DinodasRAT, also known as XDealer, is a C++-based malware that offers the ability to harvest a wide range of sensitive data from compromised hosts. In October 2023, Slovak cybersecurity firm ESET&nbsp

Finland Blames Chinese Hacking Group APT31 for Parliament Cyber Attack

By: Newsroom
28 March 2024 at 16:50
The Police of Finland (aka Poliisi) has formally accused a Chinese nation-state actor tracked as APT31 for orchestrating a cyber attack targeting the country's Parliament in 2020. The intrusion, per the authorities, is said to have occurred between fall 2020 and early 2021. The agency described the ongoing criminal probe as both demanding and time-consuming, involving extensive analysis of a "

❌
❌