Solved: 回复： Firmware update package Cisco IMC CVE-2024-20295 CVE-2024-20356

Michael Eriksson · ‎07-25-2024

Hi,

I started to install Firmware update package Cisco IMC CVE-2024-20295 CVE-2024-20356 in our test environment. After running it the and it's up to date the machine still informs me that it's an upgrade available and that upgrade is Firmware update package Cisco IMC CVE-2024-20295 CVE-2024-20356.

I have verified that the firmware upgrade were successful by running it again and get the following output

Upgrade payload extracted
BIOS is up to date
BMC firmware is up to date
RAID firmware is up to date
No firmware needs upgrade

Anyone know if this is a bug or an expected behavior? It is a bit annoying to be informed that there is upgrades when there isn't.

Ragards

Michael

Michael Eriksson · ‎07-25-2024

I didn't read the upgrade document thoroughly enough.

In a note it says:
After you run the firmware upgrade, the firmware upgrade package will display in the list of available
upgrades even after a successful installation. The presence of this package does not indicate a failed
upgrade.

Still annoying though.....

Michael

View solution in original post

Michael Eriksson · ‎07-25-2024

I didn't read the upgrade document thoroughly enough.

In a note it says:
After you run the firmware upgrade, the firmware upgrade package will display in the list of available
upgrades even after a successful installation. The presence of this package does not indicate a failed
upgrade.

Still annoying though.....

Michael

Meraki User · ‎08-22-2024

Hi,

I found the advisories of CVE-2024-20295 and CVE-2024-20356 . The Cisco PSIRT stated both of the two CVE got POC exploit code.

But i only found the POC of CVE-2024-20356 in github, maybe the advisories were incorrect ?