Cisco SD-WAN vManage Information Disclosure Vulnerability

When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page, to determine exposure and a complete upgrade solution.

In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.

Fixed Releases

At the time of publication, Cisco SD-WAN vManage Software releases 20.4.1 and later contained the fix for this vulnerability.

See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information.

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2024-37079 : VMWARE VCENTER SERVER/CLOUD FOUNDATION DCERPC HEP-BASED OVERFLOW

CVE-2024-37079 : VMWARE VCENTER SERVER/CLOUD FOUNDATION DCERPC HEP-BASED OVERFLOW

Description vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access

CVE-2024-5469 : GITLAB COMMUNITY EDITION/ENTERPRISE EDITION UP TO 16.10.5/16.11.2 KAS RESOURCE CONSUMPTION

CVE-2024-5469 : GITLAB COMMUNITY EDITION/ENTERPRISE EDITION UP TO 16.10.5/16.11.2 KAS RESOURCE CONSUMPTION

Description DoS in KAS in GitLab CE/EE affecting all versions from 16.10.0 prior to 16.10.6 and 16.11.0 prior to 16.11.3

CVE-2024-27172 : TOSHIBA TEC E-STUDIO MULTI-FUNCTION PERIPHERAL OS COMMAND INJECTION

CVE-2024-27172 : TOSHIBA TEC E-STUDIO MULTI-FUNCTION PERIPHERAL OS COMMAND INJECTION

Description Remote Command program allows an attacker to get Remote Code Execution. As for the affected products/models/versions, see the reference