Severity
Medium
Analysis Summary
CVE-2024-20496 CVSS:6.1
This vulnerability is due to incorrect handling of a specific type of malformed UDP packet. An attacker in a machine-in-the-middle position could exploit this vulnerability by sending crafted UDP packets to an affected device. A successful exploit could allow the attacker to cause the device to reboot, resulting in a DoS condition on the affected system.
CVE-2024-20475 CVSS:6.4
A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface.
Impact
- Denial of Service
- Cross-Site Scripting
Indicators of Compromise
CVE
- CVE-2024-20496
- CVE-2024-20475
Affected Vendors
Affected Products
- Cisco SD-WAN vEdge router: 18.4.303, 18.3.7, 19.3.0, 18.2.0, 20.1.12, 19.2.099, 18.3.3, 18.3.6, 19.0.0
- Cisco Catalyst SD-WAN Manager: 20.6.1, 20.6.1.1, 20.6.0.18.3, 20.6.0.18.4, 20.6.1.0.1, 20.6.2, 20.7.1EFT2
- Cisco SD-WAN vEdge Cloud: 19.2.1, 20.1.12, 18.4.4, 19.3.0, 18.3.8, 19.2.2, 20.1.1, 18.3.6, 18.4.3, 18.4.302
Remediation
Refer to the Cisco Security Advisory for patch, upgrade, or suggested workaround information.