X.B

**Name of the Vulnerable Software and Affected Versions** Cisco IOS Software for Cisco Catalyst 2960X, 2960XR, 2960CX, and 3560CX Series Switches (affected versions not specified) **Description** A vulnerability in the software could allow an authenticated, local attacker with high privilege levels or an unauthenticated attacker with physical access to the device to execute persistent code at boot time, breaking the chain of trust. This issue arises from missing signature verification for specific files loaded during the device boot process. An attacker could exploit this by placing a crafted file in a specific location on an affected device, potentially allowing the execution of arbitrary code at boot time. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco IOS XE Software (affected versions not specified) **Description** A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying operating system of an affected device. This issue is due to insufficient input validation when processing specific configuration commands. An attacker could exploit this vulnerability by including crafted input in specific configuration commands, potentially allowing them to perform undetected actions on the underlying operating system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco IOS XE Software (affected versions not specified) **Description** A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying operating system of an affected device. This issue is due to insufficient input validation when processing specific configuration commands. An attacker could exploit this vulnerability by including crafted input in specific configuration commands, potentially allowing them to perform undetected actions on the underlying operating system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco IOS XE Software (affected versions not specified) **Description** A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying operating system of an affected device. This issue is due to insufficient input validation when processing specific configuration commands. An attacker could exploit this by including crafted input in specific configuration commands, potentially allowing them to perform undetected actions on the underlying operating system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco IOS XE Software (affected versions not specified) **Description** A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying operating system of an affected device. This is due to insufficient input validation when processing specific configuration commands. An attacker could exploit this by including crafted input in specific configuration commands, potentially allowing them to perform undetected actions on the underlying operating system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco IOS XE Software for Wireless LAN Controllers (WLCs) versions prior to 17.12.04 Catalyst 9800-CL Wireless Controllers for Cloud versions prior to 17.12.04 Catalyst 9800 Embedded Wireless Controller for 9300, 9400, and 9500 Series Switches versions prior to 17.12.04 Catalyst 9800 Series Wireless Controllers versions prior to 17.12.04 Embedded Wireless Controller on Catalyst APs versions prior to 17.12.04 **Description** A critical vulnerability exists in Cisco IOS XE Software for Wireless LAN Controllers (WLCs) due to the presence of a hard-coded JSON Web Token (JWT). This allows an unauthenticated, remote attacker to upload arbitrary files to an affected system by sending crafted HTTPS requests to the Out-of-Band AP Image Download feature. Successful exploitation can lead to path traversal and arbitrary command execution with root privileges. This vulnerability is actively exploited. The vulnerability is exploitable only if the Out-of-Band AP Image Download feature is enabled. The hard-coded JWT allows attackers to bypass authentication. The vulnerability has been exploited by the Salt Typhoon group. Approximately 900+ systems are found to be vulnerable. **Recommendations** Apply the software update to version 17.12.04 or later. Disable the Out-of-Band AP Image Download feature as a temporary workaround.

**Name of the Vulnerable Software and Affected Versions** Cisco IOS XE Software (affected versions not specified) **Description** A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying operating system of an affected device. This issue is due to insufficient input validation when processing specific configuration commands. An attacker could exploit this vulnerability by including crafted input in specific configuration commands, potentially allowing them to perform undetected actions on the underlying operating system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance (ASA) Software (affected versions not specified) Cisco Firepower Threat Defense (FTD) Software (affected versions not specified) Description: The issue is related to improper validation of data in HTTPS POST requests to the Dynamic Access Policies (DAP) feature. An attacker with valid remote access VPN user credentials could exploit this by sending a crafted HTTPS POST request, potentially causing the device to reload and resulting in a denial of service (DoS) condition. Recommendations: For Cisco Adaptive Security Appliance (ASA) Software, update to a version that fixes the improper validation of data in HTTPS POST requests. For Cisco Firepower Threat Defense (FTD) Software, update to a version that fixes the improper validation of data in HTTPS POST requests. As a temporary workaround, consider restricting access to the DAP feature until a patch is available.

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance (ASA) Software (affected versions not specified) Cisco Firepower Threat Defense (FTD) Software (affected versions not specified) Description: A vulnerability in the VPN web server of the software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. Administrator-level privileges are required to exploit this vulnerability. This vulnerability is due to improper validation of a specific file when it is read from system flash memory. An attacker could exploit this vulnerability by restoring a crafted backup file to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the affected device after the next reload of the device, which could alter system behavior. Because the injected code could persist across device reboots, the impact of this issue is considered high. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software (affected versions not specified) Description: A vulnerability in the OSPF version 2 (OSPFv2) feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of OSPF updates that are processed by a device. An attacker could exploit this vulnerability by sending a malformed OSPF update to the device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Recommendations: Upgrade the OSPFv2 component as soon as possible to address this vulnerability. There are no workarounds that address this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco IOS XE Software (affected versions not specified) **Description** A vulnerability in the Unified Threat Defense (UTD) configuration CLI of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying host operating system. To exploit this vulnerability, an attacker must have level 15 privileges on the affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by submitting a crafted CLI command to an affected device. A successful exploit could allow the attacker to execute arbitrary commands as root on the underlying operating system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco IOS and Cisco IOS XE (affected versions not specified) **Description** The issue is related to the incorrect handling of LISP packets, which could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability could be exploited over either IPv4 or IPv6 transport. **Recommendations** To resolve the issue, update the software to a version that addresses this vulnerability. There are no workarounds that address this vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco IOS XE Software (affected versions not specified) **Description** The issue is related to the NETCONF feature of Cisco IOS XE Software, where improper validation of user-supplied input could allow an authenticated, remote attacker to elevate privileges to root on an affected device. This is due to the use of an incomplete blacklist when processing input data. An attacker could exploit this by sending crafted input over NETCONF to an affected device, potentially allowing them to elevate privileges from Administrator to root. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco IOS XE Software (affected versions not specified) **Description** The issue is related to insufficient CSRF protections for the web-based management interface of Cisco IOS XE Software, allowing an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack. This could enable the attacker to execute commands on the CLI of an affected device by persuading an already authenticated user to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device with the privileges of the targeted user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco ISE (affected versions not specified) **Description** A vulnerability in a specific Cisco ISE CLI command could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, an attacker must have valid Read-only-level privileges or higher on the affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco ISE (affected versions not specified) **Description** A vulnerability in the CDP processing feature could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of the CDP process on an affected device. This is due to insufficient bounds checking when an affected device processes CDP traffic. An attacker could exploit this by sending crafted CDP traffic to the device, causing the CDP process to crash and impacting neighbor discovery and the ability to determine the reachability of remote devices. **Recommendations** To resolve the issue, manually restart the CDP process using the `cdp enable` command in interface configuration mode after a crash. As a temporary workaround, consider restricting access to the CDP processing feature to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Identity Services Engine (ISE) (affected versions not specified) **Description** The issue allows an authenticated attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this, an attacker must have valid credentials on an affected device. The vulnerability exists due to the lack of neutralization of special elements used in the operating system command. Exploitation can allow a remote attacker to execute arbitrary commands using a specially crafted HTTP request. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Identity Services Engine (ISE) (affected versions not specified) **Description** The issue is related to multiple vulnerabilities in the Cisco Identity Services Engine (ISE) that could allow an authenticated attacker to perform path traversal attacks on the underlying operating system. This could result in either elevating privileges to root or reading arbitrary files. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Identity Services Engine (ISE) (affected versions not specified) **Description** The issue is related to insufficient validation of user-supplied input in specific Cisco Identity Services Engine (ISE) CLI commands, allowing an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this, an attacker must have valid Administrator privileges on the affected device. A successful exploit could allow the attacker to elevate privileges to root by submitting a crafted CLI command. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Identity Services Engine (ISE) (affected versions not specified) **Description** The issue is related to multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands. These vulnerabilities could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. The attacker must have valid Administrator privileges on the affected device to exploit these vulnerabilities. The vulnerabilities are due to insufficient validation of user-supplied input, and an attacker could exploit them by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.