5 vulnerabilities found for Expressway Series by Cisco

CERTFR-2024-AVI-0103
Vulnerability from certfr_avis

Multiple vulnerabilities have been discovered in Cisco products. They allow an attacker to cause a remote denial of service, a security policy bypass and cross-site request forgery (CSRF).

Solution

Refer to the vendor's security advisory to obtain the fixes (see the Documentation section).

For a complete fix on Cisco Expressway Series products, the following command must be run: xconfiguration Security CSRFProtection status : "Enabled"

Impacted products
Vendor Product Description
Cisco N/A Secure Endpoint Connector versions 7.5.x earlier than 7.5.17 for Windows
Cisco N/A Secure Endpoint Private Cloud versions earlier than 3.8.0
Cisco Expressway Series Cisco Expressway Series all versions earlier than 14.3.4 without running the command below
Cisco N/A Secure Endpoint Connector versions 8.2.x earlier than 8.2.1 for Windows
Cisco Expressway Series Cisco Expressway Series 15.0.x versions earlier than 15.0.0 without running the command below

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Secure Endpoint Connector versions 7.5.x ant\u00e9rieures \u00e0 7.5.17 pour Windows",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Secure Endpoint Private Cloud versions ant\u00e9rieures \u00e0 3.8.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Expressway Series toutes versions ant\u00e9rieures \u00e0 14.3.4 sans ex\u00e9cution de la commande ci-dessous",
      "product": {
        "name": "Expressway Series",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Secure Endpoint Connector versions 8.2.x ant\u00e9rieures \u00e0 8.2.1 pour Windows",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Expressway Series 15.0.x versions ant\u00e9rieures \u00e0 15.0.0 sans ex\u00e9cution de la commande ci-dessous",
      "product": {
        "name": "Expressway Series",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "Pour une correction compl\u00e8te sur les produits Cisco Expressway Series, la commande suivante doit \u00eatre ex\u00e9cut\u00e9e :\n```\nxconfiguration Security CSRFProtection status : \"Enabled\"\n```",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2024-20255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20255"
    },
    {
      "name": "CVE-2024-20254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20254"
    },
    {
      "name": "CVE-2024-20290",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20290"
    },
    {
      "name": "CVE-2024-20252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20252"
    }
  ],
  "initial_release_date": "2024-02-08T00:00:00",
  "last_revision_date": "2024-02-08T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0103",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-02-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance, un contournement de la politique de s\u00e9curit\u00e9 et une injection\nde requ\u00eates ill\u00e9gitimes par rebond (CSRF).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": "2024-02-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-expressway-csrf-KnnZDMj3",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-KnnZDMj3"
    },
    {
      "published_at": "2024-02-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-clamav-hDffu6t",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-hDffu6t"
    }
  ]
}

CERTFR-2022-AVI-885
Vulnerability from certfr_avis

Multiple vulnerabilities have been discovered in Cisco products. They allow an attacker to cause a security policy bypass, a privilege escalation, a remote denial of service and cross-site request forgery (CSRF).

Solution

Refer to the vendor's security advisory to obtain the fixes (see the Documentation section).

Impacted products
Vendor Product Description
Cisco Expressway Series Cisco Expressway Series versions earlier than 14.2
Cisco N/A Cisco Enterprise NFVIS versions earlier than 4.9.1
Cisco TelePresence VCS Cisco TelePresence VCS versions earlier than 14.2


{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco Expressway Series versions ant\u00e9rieures \u00e0 14.2",
      "product": {
        "name": "Expressway Series",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Enterprise NFVIS versions ant\u00e9rieures \u00e0 4.9.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco TelePresence VCS versions ant\u00e9rieures \u00e0 14.2",
      "product": {
        "name": "TelePresence VCS",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-20853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-20853"
    },
    {
      "name": "CVE-2022-20814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-20814"
    },
    {
      "name": "CVE-2022-20929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-20929"
    }
  ],
  "initial_release_date": "2022-10-06T00:00:00",
  "last_revision_date": "2022-10-06T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-885",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-10-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nElles permettent \u00e0 un attaquant de provoquer un contournement de la\npolitique de s\u00e9curit\u00e9, une \u00e9l\u00e9vation de privil\u00e8ges, un d\u00e9ni de service \u00e0\ndistance et une injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-expressway-csrf-sqpsSfY6 du 05 octobre 2022",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-sqpsSfY6"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-NFVIS-ISV-BQrvEv2h du 05 octobre 2022",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-NFVIS-ISV-BQrvEv2h"
    }
  ]
}

CERTFR-2021-AVI-931
Vulnerability from certfr_avis

Multiple vulnerabilities have been discovered in Cisco products. They allow an attacker to cause a remote denial of service, a data integrity compromise and a data confidentiality compromise.

Solution

Refer to the vendor's security advisory to obtain the fixes (see the Documentation section).

Impacted products
Vendor Product Description
Cisco N/A Cisco Cloud Services Platform 2100 versions earlier than 2.8.2 (April 2022)
Cisco N/A Cisco UCS Director Bare Metal Agent versions earlier than 6.8.1.1 (February 2022)
Cisco N/A Cisco TelePresence Video Communication Server (VCS) versions earlier than 14.0.4 and 14.1 (currently unavailable)
Cisco N/A Cisco Prime Optical for Service Providers
Cisco N/A Cisco Wireless Gateway for LoRaWAN
Cisco N/A Cisco FXOS Software for Firepower 4100/9300 Series Appliances
Cisco N/A Cisco Policy Suite versions earlier than 22.1 (May 2022)
Cisco N/A Cisco UCS Central Software
Cisco Expressway Series Cisco Expressway Series versions earlier than 14.0.4 and 14.1 (currently unavailable)
Cisco N/A Cisco Wide Area Application Services (WAAS)
Cisco N/A Cisco Security Manager versions earlier than 4.25
Cisco N/A Cisco Prime Collaboration Provisioning
Cisco N/A Cisco UCS Manager
Cisco N/A Cisco Network Assurance Engine
Cisco N/A Cisco Prime Infrastructure versions earlier than 3.10
Cisco N/A Cisco Firepower Management Center versions earlier than 7.02 and 7.1.0.1 (May 2022)

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco Cloud Services Platform 2100 versions ant\u00e9rieures \u00e0 2.8.2 (avril 2022)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco UCS Director Bare Metal Agent versions ant\u00e9rieures \u00e0 6.8.1.1 (f\u00e9vrier 2022)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco TelePresence Video Communication Server (VCS) versions ant\u00e9rieures \u00e0 14.0.4 et 14.1 (indisponible pour l\u0027instant)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Prime Optical for Service Providers",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Wireless Gateway for LoRaWAN",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco FXOS Software for Firepower 4100/9300 Series Appliances",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Policy Suite versions ant\u00e9rieures \u00e0 22.1 (mai 2022)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco UCS Central Software",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Expressway Series versions ant\u00e9rieures \u00e0 14.0.4 et 14.1 (indisponible pour l\u0027instant)",
      "product": {
        "name": "Expressway Series",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Wide Area Application Services (WAAS)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Security Manager versions ant\u00e9rieures \u00e0 4.25",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Prime Collaboration Provisioning",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco UCS Manager",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Network Assurance Engine",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Prime Infrastructure versions ant\u00e9rieures \u00e0 3.10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Firepower Management Center versions ant\u00e9rieures \u00e0 7.02 et 7.1.0.1 (mai 2022)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-36160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36160"
    },
    {
      "name": "CVE-2021-39275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39275"
    },
    {
      "name": "CVE-2021-34798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34798"
    },
    {
      "name": "CVE-2021-33193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33193"
    },
    {
      "name": "CVE-2021-40438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-40438"
    }
  ],
  "initial_release_date": "2021-12-10T00:00:00",
  "last_revision_date": "2021-12-10T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-931",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-12-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n\n\u00a0\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-apache-httpd-2.4.49-VWL69sWQ du 08 d\u00e9cembre 2021",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ"
    }
  ]
}

CERTFR-2019-AVI-181
Vulnerability from certfr_avis

Multiple vulnerabilities have been discovered in Cisco products. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service and a privilege escalation.

Solution

Refer to the vendor's security advisory to obtain the fixes (see the Documentation section).

Impacted products
Vendor Product Description
Cisco Expressway Series Cisco Expressway Series and Cisco TelePresence Video Communication Server versions earlier than X12.5.1
Cisco N/A Cisco Wireless LAN Controller versions 8.6.x, 8.7.x and 8.8.x earlier than 8.8.120.0
Cisco IOS XR Cisco IOS XR 64-bit versions earlier than 6.5.3 and 7.0.1
Cisco N/A Cisco Wireless LAN Controller versions earlier than 8.3.150.0
Cisco N/A Cisco Wireless LAN Controller versions 8.4.x and 8.5.x earlier than 8.5.140.0


{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco Expressway Series et Cisco TelePresence Video Communication Server versions ant\u00e9rieures \u00e0 X12.5.1",
      "product": {
        "name": "Expressway Series",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Wireless LAN Controller versions 8.6.x, 8.7.x et 8.8.x ant\u00e9rieures \u00e0 8.8.120.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco IOS XR 64-bit versions ant\u00e9rieures \u00e0 6.5.3 et 7.0.1",
      "product": {
        "name": "IOS XR",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Wireless LAN Controller versions ant\u00e9rieures \u00e0 8.3.150.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Wireless LAN Controller versions 8.4.x et 8.5.x ant\u00e9rieures \u00e0 8.5.140.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-1721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1721"
    },
    {
      "name": "CVE-2019-1710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1710"
    },
    {
      "name": "CVE-2019-1800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1800"
    },
    {
      "name": "CVE-2018-0248",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0248"
    },
    {
      "name": "CVE-2019-1796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1796"
    },
    {
      "name": "CVE-2019-1654",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1654"
    },
    {
      "name": "CVE-2019-1797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1797"
    },
    {
      "name": "CVE-2019-1799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1799"
    }
  ],
  "initial_release_date": "2019-04-18T00:00:00",
  "last_revision_date": "2019-04-18T00:00:00",
  "links": [],
  "reference": "CERTFR-2019-AVI-181",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-04-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190417-wlc-gui du 17 avril 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-wlc-gui"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190417-wlc-iapp du 17 avril 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-wlc-iapp"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190417-asr9k-exr du 17 avril 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-asr9k-exr"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190417-aironet-shell du 17 avril 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-aironet-shell"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190417-wlc-csrf du 17 avril 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-wlc-csrf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190417-es-tvcs-dos du 17 avril 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-es-tvcs-dos"
    }
  ]
}

CERTFR-2016-AVI-045
Vulnerability from certfr_avis

Multiple vulnerabilities have been fixed in Cisco products. They allow an attacker to cause a remote denial of service, a data integrity compromise and cross-site scripting (XSS).

Solution

Refer to the vendor's security advisory to obtain the fixes (see the Documentation section).

Impacted products
Vendor Product Description
Cisco N/A Cisco Digital Media Manager (DMM)
Cisco N/A Cisco NAC Guest Server versions earlier than 2.1.0 (available 19 February 2016)
Cisco IOS IOS-XR for Cisco Network Convergence System (NCS) 6000
Cisco N/A Cisco Intelligent Automation for Cloud
Cisco N/A Cisco DCM Series 9900-Digital Content Manager versions earlier than 18.0 (available 31 March 2016)
Cisco N/A Cisco Video Surveillance Media Server
Cisco N/A Cisco FireSIGHT System Software versions earlier than 6.1 (available in June 2016)
Cisco Unified Communications Manager Session Management Edition Cisco Unified Communications Manager Session Management Edition (SME)
Cisco N/A Cisco Videoscape Policy and Resource Management
Cisco N/A Cisco Management Heartbeat Server versions earlier than RMS5.x MR (available 29 July 2016)
Cisco N/A Cisco Standalone rack server CIMC
Cisco N/A Cloud Object Store (COS) versions earlier than 3.8 (available 9 April 2016)
Cisco N/A Cisco Universal Small Cell 7000 Series running version V3.4.2.x
Cisco N/A Cisco Finesse
Cisco N/A Cisco Hosted Collaboration Mediation Fulfillment
Cisco N/A Cisco TelePresence Video Communication Server (VCS) versions earlier than 8.7.1 (available 22 February 2016)
Cisco N/A Cisco UCS Central
Cisco N/A Cisco TelePresence Conductor versions earlier than XC4.2 (available 30 March 2016)
Cisco N/A Cisco Application and Content Networking System (ACNS) versions earlier than 5.5.41 (available 29 February 2016)
Cisco N/A Cisco Digital Media Manager
Cisco N/A Cisco Virtual Topology System
Cisco N/A Cisco IP Interoperability and Collaboration System (IPICS)
Cisco Unified Communications Unified Communications Deployment Tools
Cisco N/A Cisco Enterprise Content Delivery System (ECDS) versions earlier than 2.6.7 (available 30 April 2016)
Cisco N/A Cisco Quantum Virtualized Packet Core
Cisco N/A Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) version 1.1
Cisco N/A Cisco ASA CX and Cisco Prime Security Manager versions earlier than 9.3.4.5 (available 30 May 2016)
Cisco Jabber Cisco Jabber Guest 10.0(2)
Cisco N/A Cisco Intrusion Prevention System Solutions (IPS) versions earlier than 7.1(11) Patch 1 (available 31 March 2016)
Cisco N/A Cisco 910 Industrial Router
Cisco Expressway Series Cisco Expressway Series versions earlier than 8.7.1 (available 22 February 2016)
Cisco N/A Cisco TelePresence MX Series
Cisco N/A Cisco TelePresence SX Series
Cisco N/A Cisco Clean Access Manager versions earlier than 4.9.5 (available 19 February 2016)
Cisco N/A Cisco Video Delivery System Recorder (fix available 30 April 2016)
Cisco N/A Cisco Fog Director version 1.0(0)
Cisco N/A Cisco Universal Small Cell 5000 Series running version V3.4.2.x
Cisco N/A Cisco Video Distribution Suite for Internet Streaming (VDS-IS/CDS-IS)
Cisco N/A Cisco Service Control Operating System
Cisco N/A Cisco Media Experience Engines (MXE)
Cisco N/A Cisco Application Policy Infrastructure Controller (APIC)
Cisco N/A Cisco Telepresence Integrator C Series
Cisco N/A Cisco TelePresence EX Series
Cisco N/A Cisco Edge 300 Digital Media Player versions earlier than 1.6RB4_4 (available 25 February 2016)
Cisco N/A Cisco Intrusion Prevention System Solutions (IPS) versions earlier than 7.3(05) Patch 1 (available 30 April 2016)
Cisco Unified Communications Manager Cisco Unified Communications Manager (UCM)
Cisco N/A Cisco TelePresence Profile Series
Cisco N/A Cisco 3G Femtocell Wireless versions earlier than SR10MR (available 29 July 2016)
Cisco N/A Cisco NAC Server versions earlier than 4.9.5 (available 19 February 2016)


{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco Digital Media Manager (DMM)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco NAC Guest Server versions ant\u00e9rieures \u00e0 2.1.0 (disponible le 19 f\u00e9vrier 2016)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "IOS-XR for Cisco Network Convergence System (NCS) 6000",
      "product": {
        "name": "IOS",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Intelligent Automation for Cloud",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco DCM Series 9900-Digital Content Manager versions ant\u00e9rieures \u00e0 18.0 (disponible le 31 mars 2016)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Video Surveillance Media Server",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco FireSIGHT System Software versions ant\u00e9rieures \u00e0 6.1 (disponible en juin 2016)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager Session Management Edition (SME)",
      "product": {
        "name": "Unified Communications Manager Session Management Edition",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Videoscape Policy and Resource Management",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Management Heartbeat Server versions ant\u00e9rieures \u00e0 RMS5.x MR (disponible le 29 juillet 2016)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Standalone rack server CIMC",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cloud Object Store (COS) versions ant\u00e9rieures \u00e0 3.8 (disponible le 9 avril 2016)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Universal Small Cell 7000 Series ex\u00e9cutant la version V3.4.2.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Finesse",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Hosted Collaboration Mediation Fulfillment",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco TelePresence Video Communication Server (VCS) versions ant\u00e9rieures \u00e0 8.7.1 (disponible le 22 f\u00e9vrier 2016)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco UCS Central",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco TelePresence Conductor versions ant\u00e9rieures \u00e0 XC4.2 (disponible le 30 mars 2016)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Application and Content Networking System (ACNS) versions ant\u00e9rieures \u00e0 5.5.41 (disponible le 29 f\u00e9vrier 2016)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Digital Media Manager",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Virtual Topology System",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco IP Interoperability and Collaboration System (IPICS)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Unified Communications Deployment Tools",
      "product": {
        "name": "Unified Communications",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Enterprise Content Delivery System (ECDS) versions ant\u00e9rieures \u00e0 2.6.7 (disponible le 30 avril 2016)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Quantum Virtualized Packet Core",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) version 1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco ASA CX et Cisco Prime Security Manager versions ant\u00e9rieures \u00e0 9.3.4.5 (disponible le 30 mai 2016)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Jabber Guest 10.0(2)",
      "product": {
        "name": "Jabber",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Intrusion Prevention System Solutions (IPS) versions ant\u00e9rieures \u00e0 7.1(11) Patch 1 (disponible le 31 mars 2016)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco 910 Industrial Router",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Expressway Series versions ant\u00e9rieures \u00e0 8.7.1 (disponible le 22 f\u00e9vrier 2016)",
      "product": {
        "name": "Expressway Series",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco TelePresence MX Series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco TelePresence SX Series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Clean Access Manager versions ant\u00e9rieures \u00e0 4.9.5 (disponible le 19 f\u00e9vrier 2016)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Video Delivery System Recorder (correctif disponible le 30 avril 2016)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Fog Director version 1.0(0)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Universal Small Cell 5000 Series ex\u00e9cutant la version V3.4.2.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Video Distribution Suite for Internet Streaming (VDS-IS/CDS-IS)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Service Control Operating System",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Media Experience Engines (MXE)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Application Policy Infrastructure Controller (APIC)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Telepresence Integrator C Series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco TelePresence EX Series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Edge 300 Digital Media Player versions ant\u00e9rieures \u00e0 1.6RB4_4 (disponible le 25 f\u00e9vrier 2016)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Intrusion Prevention System Solutions (IPS) versions ant\u00e9rieures \u00e0 7.3(05) Patch 1 (disponible le 30 avril 2016)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager (UCM)",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco TelePresence Profile Series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco 3G Femtocell Wireless versions ant\u00e9rieures \u00e0 SR10MR (disponible le 29 juillet 2016)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco NAC Server versions ant\u00e9rieures \u00e0 4.9.5 (disponible le 19 f\u00e9vrier 2016)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-7973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7973"
    },
    {
      "name": "CVE-2015-7976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7976"
    },
    {
      "name": "CVE-2015-8158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8158"
    },
    {
      "name": "CVE-2015-7977",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7977"
    },
    {
      "name": "CVE-2016-1305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1305"
    },
    {
      "name": "CVE-2015-8138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8138"
    },
    {
      "name": "CVE-2015-7974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7974"
    },
    {
      "name": "CVE-2015-7975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7975"
    },
    {
      "name": "CVE-2015-7978",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7978"
    },
    {
      "name": "CVE-2015-8140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8140"
    },
    {
      "name": "CVE-2015-7979",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7979"
    },
    {
      "name": "CVE-2015-8139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8139"
    },
    {
      "name": "CVE-2016-1306",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1306"
    }
  ],
  "initial_release_date": "2016-02-02T00:00:00",
  "last_revision_date": "2016-02-02T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160201-fd du 01    f\u00e9vrier 2016",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160201-fd"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160201-apic-em du 01    f\u00e9vrier 2016",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160201-apic-em"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160127-ntpd du 27    janvier 2016",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
    }
  ],
  "reference": "CERTFR-2016-AVI-045",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-02-02T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es et une injection de code indirecte \u00e0 distance\n(XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160201-apic-em du 01 f\u00e9vrier 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160127-ntpd du 27 janvier 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160201-fd du 01 f\u00e9vrier 2016",
      "url": null
    }
  ]
}