September 2, 2024
Severity
Medium
Analysis Summary
CVE-2024-20279 CVSS:4.3
Cisco Application Policy Infrastructure Controller could allow a remote authenticated attacker to bypass security restrictions, caused by improper access control when restricted security domains are used to implement multi-tenancy. An attacker could exploit this vulnerability to read, modify, or delete child policies created under default system policies.
CVE-2024-20478 CVSS:6.5
Cisco Application Policy Infrastructure Controller could allow a remote authenticated attacker to gain elevated privileges on the system, caused by insufficient signature validation of software images. By installing a modified software image, an attacker could exploit this vulnerability to execute arbitrary code on the affected system and elevate their privileges to root.
Impact
- Security Bypass
- Privilege Escalation
Indicators of Compromise
CVE
- CVE-2024-20279
- CVE-2024-20478
Affected Vendors
- Cisco
Affected Products
- Cisco Application Policy Infrastructure Controller (APIC) - 3.2(8d)
Remediation
Refer to the Cisco Security Advisory for patch, upgrade, or suggested workaround information.