59 vulnerabilities found for IOS XE by Cisco
CERTFR-2025-AVI-0819
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in Cisco products. They allow an attacker to cause remote arbitrary code execution and a security policy bypass.
Cisco states that vulnerabilities CVE-2025-20333 and CVE-2025-20362 are being actively exploited.
Solutions
Refer to the vendor's security advisory to obtain the fixes (see the Documentation section).
Vendor | Product | Description
---|---|---
Cisco | Firepower Threat Defense | Firewall Threat Defense (FTD) versions 7.7.x earlier than 7.7.10.1
Cisco | Adaptive Security Appliance | Adaptive Security Appliance (ASA) versions 9.17.x and 9.18.x earlier than 9.18.4.67
Cisco | Firepower Threat Defense | Firewall Threat Defense (FTD) versions 7.3.x and 7.4.x earlier than 7.4.2.4
Cisco | IOS XE | IOS XE, refer to the vendor's security advisory for the vulnerable versions (see the Documentation section)
Cisco | Adaptive Security Appliance | Adaptive Security Appliance (ASA) versions 9.16.x earlier than 9.16.4.85
Cisco | IOS | IOS, refer to the vendor's security advisory for the vulnerable versions (see the Documentation section)
Cisco | Adaptive Security Appliance | Adaptive Security Appliance (ASA) versions 9.19.x and 9.20.x earlier than 9.20.4.10
Cisco | Adaptive Security Appliance | Adaptive Security Appliance (ASA) versions 9.12.x earlier than 9.12.4.72
Cisco | Adaptive Security Appliance | Adaptive Security Appliance (ASA) versions 9.23.x earlier than 9.23.1.19
Cisco | Firepower Threat Defense | Firewall Threat Defense (FTD) versions 7.0.x earlier than 7.0.8.1
Cisco | Adaptive Security Appliance | Adaptive Security Appliance (ASA) versions 9.22.x earlier than 9.22.2.14
Cisco | IOS XR | IOS XR version 6.8 on 32-bit architecture
Cisco | IOS XR | IOS XR version 6.9 on 32-bit architecture
Cisco | Firepower Threat Defense | Firewall Threat Defense (FTD) versions 7.6.x earlier than 7.6.2.1
Cisco | Adaptive Security Appliance | Adaptive Security Appliance (ASA) versions 9.14.x earlier than 9.14.4.28
Cisco | Firepower Threat Defense | Firewall Threat Defense (FTD) versions 7.1.x and 7.2.x earlier than 7.2.10.2
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Firewall Threat Defense (FTD) versions 7.7.x ant\u00e9rieures \u00e0 7.7.10.1", "product": { "name": "Firepower Threat Defense", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Adaptive Security Appliance (ASA) versions 9.17.x et 9.18.x ant\u00e9rieures \u00e0 9.18.4.67", "product": { "name": "Adaptive Security Appliance", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Firewall Threat Defense (FTD) versions 7.3.x et 7.4.x ant\u00e9rieures \u00e0 7.4.2.4", "product": { "name": "Firepower Threat Defense", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "IOS XE, se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour les versions vuln\u00e9rables (cf. section Documentation)", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Adaptive Security Appliance (ASA) versions 9.16.x ant\u00e9rieures \u00e0 9.16.4.85", "product": { "name": "Adaptive Security Appliance", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "IOS, se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour les versions vuln\u00e9rables (cf. 
section Documentation)", "product": { "name": "IOS", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Adaptive Security Appliance (ASA) versions 9.19.x et 9.20.x ant\u00e9rieures \u00e0 9.20.4.10", "product": { "name": "Adaptive Security Appliance", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Adaptive Security Appliance (ASA) versions 9.12.x ant\u00e9rieures \u00e0 9.12.4.72", "product": { "name": "Adaptive Security Appliance", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Adaptive Security Appliance (ASA) versions 9.23.x ant\u00e9rieures \u00e0 9.23.1.19", "product": { "name": "Adaptive Security Appliance", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Firewall Threat Defense (FTD) versions 7.0.x ant\u00e9rieures \u00e0 7.0.8.1", "product": { "name": "Firepower Threat Defense", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Adaptive Security Appliance (ASA) versions 9.22.x ant\u00e9rieures \u00e0 9.22.2.14", "product": { "name": "Adaptive Security Appliance", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "IOS XR version 6.8 sur architecture 32 bits", "product": { "name": "IOS XR", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "IOS XR version 6.9 sur architecture 32 bits", "product": { "name": "IOS XR", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Firewall Threat Defense (FTD) versions 7.6.x ant\u00e9rieures \u00e0 7.6.2.1 ", "product": { "name": "Firepower Threat Defense", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Adaptive Security Appliance (ASA) versions 9.14.x ant\u00e9rieures \u00e0 9.14.4.28", "product": { "name": "Adaptive Security Appliance", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Firewall Threat Defense (FTD) versions 7.1.x et 7.2.x ant\u00e9rieures \u00e0 7.2.10.2", "product": { "name": "Firepower Threat Defense", 
"vendor": { "name": "Cisco", "scada": false } } } ], "affected_systems_content": "", "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).", "cves": [ { "name": "CVE-2025-20333", "url": "https://www.cve.org/CVERecord?id=CVE-2025-20333" }, { "name": "CVE-2025-20362", "url": "https://www.cve.org/CVERecord?id=CVE-2025-20362" }, { "name": "CVE-2025-20363", "url": "https://www.cve.org/CVERecord?id=CVE-2025-20363" } ], "initial_release_date": "2025-09-25T00:00:00", "last_revision_date": "2025-09-25T00:00:00", "links": [], "reference": "CERTFR-2025-AVI-0819", "revisions": [ { "description": "Version initiale", "revision_date": "2025-09-25T00:00:00.000000" } ], "risks": [ { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco. 
Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n\nCisco indique que les vuln\u00e9rabilit\u00e9s CVE-2025-20333 et CVE-2025-20362 sont activement exploit\u00e9es.", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco", "vendor_advisories": [ { "published_at": "2025-09-25", "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-http-code-exec-WmfP3h3O", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-code-exec-WmfP3h3O" }, { "published_at": "2025-09-25", "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-asaftd-webvpn-z5xP8EUB", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-z5xP8EUB" }, { "published_at": "2025-09-25", "title": "Billet de blogue Cisco asa_ftd_continued_attacks", "url": "https://sec.cloudapps.cisco.com/security/center/resources/asa_ftd_continued_attacks" }, { "published_at": "2025-09-25", "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-asaftd-webvpn-YROOTUW", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-YROOTUW" } ] }
CERTFR-2025-AVI-0818
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in Cisco IOS and IOS XE. They allow an attacker to cause remote arbitrary code execution, remote denial of service and a security policy bypass.
Cisco states that vulnerability CVE-2025-20352 is being actively exploited.
Solutions
Refer to the vendor's security advisory to obtain the fixes (see the Documentation section).
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "IOS XE, se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour les versions vuln\u00e9rables (cf. section Documentation)", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "IOS, se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour les versions vuln\u00e9rables (cf. section Documentation)", "product": { "name": "IOS", "vendor": { "name": "Cisco", "scada": false } } } ], "affected_systems_content": "", "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).", "cves": [ { "name": "CVE-2025-20334", "url": "https://www.cve.org/CVERecord?id=CVE-2025-20334" }, { "name": "CVE-2025-20160", "url": "https://www.cve.org/CVERecord?id=CVE-2025-20160" }, { "name": "CVE-2025-20313", "url": "https://www.cve.org/CVERecord?id=CVE-2025-20313" }, { "name": "CVE-2025-20327", "url": "https://www.cve.org/CVERecord?id=CVE-2025-20327" }, { "name": "CVE-2025-20311", "url": "https://www.cve.org/CVERecord?id=CVE-2025-20311" }, { "name": "CVE-2025-20315", "url": "https://www.cve.org/CVERecord?id=CVE-2025-20315" }, { "name": "CVE-2025-20312", "url": "https://www.cve.org/CVERecord?id=CVE-2025-20312" }, { "name": "CVE-2025-20352", "url": "https://www.cve.org/CVERecord?id=CVE-2025-20352" }, { "name": "CVE-2025-20314", "url": "https://www.cve.org/CVERecord?id=CVE-2025-20314" } ], "initial_release_date": "2025-09-25T00:00:00", "last_revision_date": "2025-09-25T00:00:00", "links": [], "reference": "CERTFR-2025-AVI-0818", "revisions": [ { "description": "Version initiale", "revision_date": "2025-09-25T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": 
"Contournement de la politique de s\u00e9curit\u00e9" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Cisco IOS et IOS XE. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n\nCisco indique que la vuln\u00e9rabilit\u00e9 CVE-2025-20352 est activement exploit\u00e9e.\n\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans Cisco IOS et IOS XE", "vendor_advisories": [ { "published_at": "2025-09-24", "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-cat9k-PtmD7bgy", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cat9k-PtmD7bgy" }, { "published_at": "2025-09-24", "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ios-tacacs-hdB7thJw", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-tacacs-hdB7thJw" }, { "published_at": "2025-09-24", "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-snmpwred-x3MJyf5M", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmpwred-x3MJyf5M" }, { "published_at": "2025-09-24", "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-snmp-x4LPhte", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-x4LPhte" }, { "published_at": "2025-09-24", "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ios-xe-cmd-inject-rPJM8BGL", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-cmd-inject-rPJM8BGL" }, { "published_at": "2025-09-24", "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ios-invalid-url-dos-Nvxszf6u", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-invalid-url-dos-Nvxszf6u" }, { "published_at": "2025-09-24", "title": "Bulletin 
de s\u00e9curit\u00e9 Cisco cisco-sa-nbar-dos-LAvwTmeT", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nbar-dos-LAvwTmeT" }, { "published_at": "2025-09-24", "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-secboot-UqFD8AvC", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secboot-UqFD8AvC" } ] }
CERTFR-2025-AVI-0378
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in Cisco products. Some of them allow an attacker to cause remote arbitrary code execution, privilege escalation and remote denial of service.
Solutions
Refer to the vendor's security advisory to obtain the fixes (see the Documentation section).
Vendor | Product | Description
---|---|---
Cisco | Catalyst Center | Catalyst Center versions earlier than 2.3.7.9
Cisco | Catalyst SD-WAN | Catalyst SD-WAN Manager versions 20.13.x, 20.14.x and 20.15.x earlier than 20.15.2
Cisco | Catalyst SD-WAN | Catalyst SD-WAN Manager versions 20.16.x earlier than 20.16.1
Cisco | IOS XR | IOS XR versions earlier than 24.3.2
Cisco | WLC AireOS | WLC AireOS versions earlier than 8.10.196.0
Cisco | Catalyst SD-WAN | Catalyst SD-WAN Manager versions earlier than 20.9.7
Cisco | IOS XE | IOS XE: refer to the vendor's security advisories for the vulnerable device configurations (see the Documentation section).
Cisco | Catalyst SD-WAN | Catalyst SD-WAN Manager versions 20.10.x, 20.11.x and 20.12.x earlier than 20.12.5
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Catalyst Center versions ant\u00e9rieures \u00e0 2.3.7.9", "product": { "name": "Catalyst Center", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Catalyst SD-WAN Manager versions 20.13.x, 20.14.x et 20.15.x ant\u00e9rieures \u00e0 20.15.2", "product": { "name": "Catalyst SD-WAN", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Catalyst SD-WAN Manager versions 20.16.x ant\u00e9rieures \u00e0 20.16.1", "product": { "name": "Catalyst SD-WAN", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "IOS XR versions ant\u00e9rieures \u00e0 24.3.2", "product": { "name": "IOS XR", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "WLC AireOS versions ant\u00e9rieures \u00e0 8.10.196.0", "product": { "name": "WLC AireOS", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Catalyst SD-WAN Manager versions ant\u00e9rieures \u00e0 20.9.7", "product": { "name": "Catalyst SD-WAN", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "IOS XE : Se r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des configurations vuln\u00e9rables des \u00e9quipements (cf. section Documentation).", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Catalyst SD-WAN Manager versions 20.10.x, 20.11.x et 20.12.x ant\u00e9rieures \u00e0 20.12.5", "product": { "name": "Catalyst SD-WAN", "vendor": { "name": "Cisco", "scada": false } } } ], "affected_systems_content": "", "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. 
section Documentation).", "cves": [ { "name": "CVE-2025-20189", "url": "https://www.cve.org/CVERecord?id=CVE-2025-20189" }, { "name": "CVE-2025-20192", "url": "https://www.cve.org/CVERecord?id=CVE-2025-20192" }, { "name": "CVE-2025-20199", "url": "https://www.cve.org/CVERecord?id=CVE-2025-20199" }, { "name": "CVE-2025-20191", "url": "https://www.cve.org/CVERecord?id=CVE-2025-20191" }, { "name": "CVE-2025-20188", "url": "https://www.cve.org/CVERecord?id=CVE-2025-20188" }, { "name": "CVE-2025-20198", "url": "https://www.cve.org/CVERecord?id=CVE-2025-20198" }, { "name": "CVE-2025-20181", "url": "https://www.cve.org/CVERecord?id=CVE-2025-20181" }, { "name": "CVE-2025-20122", "url": "https://www.cve.org/CVERecord?id=CVE-2025-20122" }, { "name": "CVE-2025-20202", "url": "https://www.cve.org/CVERecord?id=CVE-2025-20202" }, { "name": "CVE-2025-20210", "url": "https://www.cve.org/CVERecord?id=CVE-2025-20210" }, { "name": "CVE-2025-20162", "url": "https://www.cve.org/CVERecord?id=CVE-2025-20162" }, { "name": "CVE-2025-20200", "url": "https://www.cve.org/CVERecord?id=CVE-2025-20200" }, { "name": "CVE-2025-20154", "url": "https://www.cve.org/CVERecord?id=CVE-2025-20154" }, { "name": "CVE-2025-20140", "url": "https://www.cve.org/CVERecord?id=CVE-2025-20140" }, { "name": "CVE-2025-20201", "url": "https://www.cve.org/CVERecord?id=CVE-2025-20201" }, { "name": "CVE-2025-20186", "url": "https://www.cve.org/CVERecord?id=CVE-2025-20186" }, { "name": "CVE-2025-20182", "url": "https://www.cve.org/CVERecord?id=CVE-2025-20182" }, { "name": "CVE-2025-20197", "url": "https://www.cve.org/CVERecord?id=CVE-2025-20197" }, { "name": "CVE-2025-20164", "url": "https://www.cve.org/CVERecord?id=CVE-2025-20164" } ], "initial_release_date": "2025-05-09T00:00:00", "last_revision_date": "2025-05-09T00:00:00", "links": [], "reference": "CERTFR-2025-AVI-0378", "revisions": [ { "description": "Version initiale", "revision_date": "2025-05-09T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de 
service \u00e0 distance" }, { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" }, { "description": "\u00c9l\u00e9vation de privil\u00e8ges" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco", "vendor_advisories": [ { "published_at": "2025-05-07", "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iosxe-ikev1-dos-XHk3HzFC", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-ikev1-dos-XHk3HzFC" }, { "published_at": "2025-05-07", "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-twamp-kV4FHugn", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-twamp-kV4FHugn" }, { "published_at": "2025-05-07", "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iosxe-privesc-su7scvdp", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-privesc-su7scvdp" }, { "published_at": "2025-05-07", "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-sisf-dos-ZGwt4DdY", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sisf-dos-ZGwt4DdY" }, { "published_at": "2025-05-07", "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-webui-cmdinj-gVn3OKNC", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-cmdinj-gVn3OKNC" }, { "published_at": 
"2025-05-07", "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ios-http-privesc-wCRd5e3", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-http-privesc-wCRd5e3" }, { "published_at": "2025-05-07", "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-asr903-rsp3-arp-dos-WmfzdvJZ", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr903-rsp3-arp-dos-WmfzdvJZ" }, { "published_at": "2025-05-07", "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ewlc-cdp-dos-fpeks9K", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-cdp-dos-fpeks9K" }, { "published_at": "2025-05-07", "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-wlc-wncd-p6Gvt6HL", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-wncd-p6Gvt6HL" }, { "published_at": "2025-05-07", "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-dnac-api-nBPZcJCM", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-api-nBPZcJCM" }, { "published_at": "2025-05-07", "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-c2960-3560-sboot-ZtqADrHq", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-c2960-3560-sboot-ZtqADrHq" }, { "published_at": "2025-05-07", "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-multiprod-ikev2-dos-gPctUqv2", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-multiprod-ikev2-dos-gPctUqv2" }, { "published_at": "2025-05-07", "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-sdwan-priviesc-WCk7bmmt", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-priviesc-WCk7bmmt" }, { "published_at": "2025-05-07", "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-wlc-file-uplpd-rHZG9UfC", "url": 
"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-file-uplpd-rHZG9UfC" }, { "published_at": "2025-05-07", "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iosxe-dhcpsn-dos-xBn8Mtks", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-dhcpsn-dos-xBn8Mtks" } ] }
CERTFR-2025-AVI-0100
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in Cisco products. Some of them allow an attacker to cause remote arbitrary code execution, privilege escalation and remote denial of service.
Solutions
Refer to the vendor's security advisory to obtain the fixes (see the Documentation section).
Vendor | Product | Description
---|---|---
Cisco | IOS | IOS versions 15.2E earlier than 15.2(7)E12 (availability planned for March 2025)
Cisco | N/A | ISE versions 3.3 earlier than 3.3P4
Cisco | IOS XE | IOS XE Software versions 16.12 earlier than 16.12.13 (availability planned for March 2025)
Cisco | IOS XR | IOS XR Software versions 24.2 earlier than 24.2.21
Cisco | N/A | ISE versions 3.2 earlier than 3.2P7
Cisco | IOS XR | IOS XR Software versions later than 24.3 and earlier than 24.4.2
Cisco | IOS XE | IOS XE Software versions 3.11E earlier than 3.11.12E (availability planned for March 2025)
Cisco | IOS XR | IOS XR Software versions 25.2 earlier than 25.2.1
Cisco | N/A | ISE versions later than 3.0 and earlier than 3.1P10
Cisco | IOS XE | IOS XE Software versions 17.15 earlier than 17.15.3 (availability planned for March 2025)
Cisco | IOS | IOS versions 15.5SY earlier than 15.5(1)SY15 (availability planned for March 2025)
Cisco | IOS XE | IOS XE Software versions 17.9 earlier than 17.9.7 (availability planned for March 2025)
Cisco | IOS | IOS versions 15.9M earlier than 15.9(3)M11 (availability planned for February 2025)
Cisco | IOS XE | IOS XE Software versions 17.12 earlier than 17.12.5 (availability planned for February 2025)
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "IOS versions 15.2E ant\u00e9rieures \u00e0 15.2(7)E12 (disponibilit\u00e9 pr\u00e9vue pour mars 2025)", "product": { "name": "IOS", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "ISE versions 3.3 ant\u00e9rieures \u00e0 3.3P4", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "IOS XE Software versions 16.12 ant\u00e9rieures \u00e0 16.12.13 (disponibilit\u00e9 pr\u00e9vue pour mars 2025)", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "IOS XR Software versions 24.2 ant\u00e9rieures \u00e0 24.2.21", "product": { "name": "IOS XR", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "ISE versions 3.2 ant\u00e9rieures \u00e0 3.2P7", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "IOS XR Software versions post\u00e9rieures \u00e0 24.3 et ant\u00e9rieures \u00e0 24.4.2", "product": { "name": "IOS XR", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "IOS XE Software versions 3.11E ant\u00e9rieures \u00e0 3.11.12E (disponibilit\u00e9 pr\u00e9vue pour mars 2025)", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "IOS XR Software versions 25.2 ant\u00e9rieures \u00e0 25.2.1", "product": { "name": "IOS XR", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "ISE versions post\u00e9rieures \u00e0 3.0 et ant\u00e9rieures \u00e0 3.1P10", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "IOS XE Software versions 17.15 ant\u00e9rieures \u00e0 17.15.3 (disponibilit\u00e9 pr\u00e9vue pour mars 2025)", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "IOS versions 15.5SY ant\u00e9rieures \u00e0 15.5(1)SY15 (disponibilit\u00e9 
pr\u00e9vue pour mars 2025)", "product": { "name": "IOS", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "IOS XE Software versions 17.9 ant\u00e9rieures \u00e0 17.9.7 (disponibilit\u00e9 pr\u00e9vue pour mars 2025)", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "IOS versions 15.9M ant\u00e9rieures \u00e0 15.9(3)M11 (disponibilit\u00e9 pr\u00e9vue pour f\u00e9vrier 2025)", "product": { "name": "IOS", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "IOS XE Software versions 17.12 ant\u00e9rieures \u00e0 17.12.5 (disponibilit\u00e9 pr\u00e9vue pour f\u00e9vrier 2025)", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } } ], "affected_systems_content": "", "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).", "cves": [ { "name": "CVE-2025-20174", "url": "https://www.cve.org/CVERecord?id=CVE-2025-20174" }, { "name": "CVE-2025-20173", "url": "https://www.cve.org/CVERecord?id=CVE-2025-20173" }, { "name": "CVE-2025-20170", "url": "https://www.cve.org/CVERecord?id=CVE-2025-20170" }, { "name": "CVE-2025-20125", "url": "https://www.cve.org/CVERecord?id=CVE-2025-20125" }, { "name": "CVE-2025-20172", "url": "https://www.cve.org/CVERecord?id=CVE-2025-20172" }, { "name": "CVE-2025-20169", "url": "https://www.cve.org/CVERecord?id=CVE-2025-20169" }, { "name": "CVE-2025-20175", "url": "https://www.cve.org/CVERecord?id=CVE-2025-20175" }, { "name": "CVE-2025-20124", "url": "https://www.cve.org/CVERecord?id=CVE-2025-20124" }, { "name": "CVE-2025-20176", "url": "https://www.cve.org/CVERecord?id=CVE-2025-20176" }, { "name": "CVE-2025-20171", "url": "https://www.cve.org/CVERecord?id=CVE-2025-20171" } ], "initial_release_date": "2025-02-06T00:00:00", "last_revision_date": "2025-02-06T00:00:00", "links": [], "reference": "CERTFR-2025-AVI-0100", 
"revisions": [ { "description": "Version initiale", "revision_date": "2025-02-06T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" }, { "description": "\u00c9l\u00e9vation de privil\u00e8ges" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco", "vendor_advisories": [ { "published_at": "2025-02-04", "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ise-multivuls-FTW9AOXF", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multivuls-FTW9AOXF" }, { "published_at": "2025-02-04", "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-snmp-dos-sdxnSUcW", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-dos-sdxnSUcW" } ] }
CERTFR-2024-AVI-0813
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in Cisco products. Some of them allow an attacker to cause remote denial of service, cross-site request forgery (CSRF) and a security policy bypass.
Solutions
Refer to the vendor's security advisory to obtain the fixes (see the Documentation section).
The vendor states that Catalyst Center versions 2.3.6.x are also affected by vulnerability CVE-2024-20350 but will not receive a security fix.
Vendor | Product | Description
---|---|---
Cisco | IOS | IOS with the RSVP feature enabled and without the latest security fixes (refer to the vendor's site for the affected versions)
Cisco | Catalyst SD-WAN | 1000 Series Integrated Services Routers (ISRs), Catalyst 8000v Edge Software, Catalyst 8200 Series Edge Platforms, Catalyst 8300 Series Edge Platforms, Catalyst 8500L Edge Platforms, Catalyst IR8300 Rugged Series Routers with the UTD feature installed and enabled, with SD-WAN tunnels configured to use IPSec and without the latest security fixes
Cisco | Catalyst Center | Catalyst Center versions 2.3.7.x earlier than 2.3.7.5
Cisco | IOS XE | IOS XE without the latest security fixes (refer to the vendor's site for the affected versions)
Cisco | Catalyst Center | Catalyst Center versions earlier than 2.3.5.6
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "IOs avec la fonctionnalit\u00e9 RSVP activ\u00e9e sans les derniers correctifs de s\u00e9curit\u00e9 (se r\u00e9f\u00e9rer au site de l\u0027\u00e9diteur pour les versions affect\u00e9es)", "product": { "name": "IOS", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "1000 Series Integrated Services Routers (ISRs), Catalyst 8000v Edge Software, Catalyst 8200 Series Edge Platforms, Catalyst 8300 Series Edge Platforms, Catalyst 8500L Edge Platforms, Catalyst IR8300 Rugged Series Routers avec la fonctionnalit\u00e9 UTD install\u00e9e et activ\u00e9e, avec des tunnels SD-WAN configur\u00e9s pour utiliser IPSec et sans les derniers correctifs de s\u00e9curit\u00e9", "product": { "name": "Catalyst SD-WAN", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Catalyst Center versions 2.3.7.x ant\u00e9rieures \u00e0 2.3.7.5", "product": { "name": "Catalyst Center", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "IOS XE sans les derniers correctifs de s\u00e9curit\u00e9 (se r\u00e9f\u00e9rer au site de l\u0027\u00e9diteur pour les versions affect\u00e9es)", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Catalyst Center versions ant\u00e9rieures \u00e0 2.3.5.6", "product": { "name": "Catalyst Center", "vendor": { "name": "Cisco", "scada": false } } } ], "affected_systems_content": "L\u0027\u00e9diteur indique que les versions 2.3.6.x de Catalyst Center sont \u00e9galement affect\u00e9es par la vuln\u00e9rabilit\u00e9 CVE-2024-20350 mais ne b\u00e9n\u00e9ficieront pas d\u0027un correctif de s\u00e9curit\u00e9. ", "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. 
section Documentation).", "cves": [ { "name": "CVE-2024-20480", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20480" }, { "name": "CVE-2024-20437", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20437" }, { "name": "CVE-2024-20455", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20455" }, { "name": "CVE-2024-20350", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20350" }, { "name": "CVE-2024-20464", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20464" }, { "name": "CVE-2024-20436", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20436" }, { "name": "CVE-2024-20433", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20433" }, { "name": "CVE-2024-20467", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20467" } ], "initial_release_date": "2024-09-26T00:00:00", "last_revision_date": "2024-09-26T00:00:00", "links": [], "reference": "CERTFR-2024-AVI-0813", "revisions": [ { "description": "Version initiale", "revision_date": "2024-09-26T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco. 
Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF) et un contournement de la politique de s\u00e9curit\u00e9.", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco", "vendor_advisories": [ { "published_at": "2024-09-25", "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-webui-csrf-ycUYxkKO", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-csrf-ycUYxkKO" }, { "published_at": "2024-09-25", "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-pim-APbVfySJ", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pim-APbVfySJ" }, { "published_at": "2024-09-25", "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-dnac-ssh-e4uOdASj", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-ssh-e4uOdASj" }, { "published_at": "2024-09-25", "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-rsvp-dos-OypvgVZf", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rsvp-dos-OypvgVZf" }, { "published_at": "2024-09-25", "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ios-xe-sda-edge-dos-MBcbG9k", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-sda-edge-dos-MBcbG9k" }, { "published_at": "2024-09-25", "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-sdwan-utd-dos-hDATqxs", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-utd-dos-hDATqxs" }, { "published_at": "2024-09-25", "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-httpsrvr-dos-yOZThut", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-httpsrvr-dos-yOZThut" }, { "published_at": "2024-09-25", "title": "Bulletin de 
s\u00e9curit\u00e9 Cisco cisco-sa-cpp-vfr-dos-nhHKGgO", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cpp-vfr-dos-nhHKGgO" } ] }
CERTFR-2024-AVI-0260
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in Cisco products. They allow an attacker to cause a remote denial of service and a security policy bypass.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
Vendor | Product | Description | ||
---|---|---|---|---|
Cisco | N/A | access points managed by Catalyst 9800 series versions 17.4.x to 17.6.x prior to 17.6.6 | ||
Cisco | N/A | Cisco Business Wireless AP versions prior to 10.6.2.0 on Business 150 access points and Mesh extenders | ||
Cisco | N/A | Cisco Business Wireless AP versions prior to 10.9.1.0 on Business 140, 141, 142, 143, 145 and 240 access points and Mesh extenders | ||
Cisco | N/A | access points managed by Catalyst 9800 series versions 17.7.x to 17.9.x prior to 17.9.5 | ||
Cisco | N/A | Cisco Wireless LAN Controller (WLC) versions prior to 8.10.190.0 on access points managed by WLC or Mobility Express (ME) | ||
Cisco | N/A | access points managed by Catalyst 9800 series versions 17.10.x to 17.11.x prior to 17.12.2 | ||
Cisco | N/A | access points managed by Catalyst 9800 series versions prior to 17.3.8 | ||
Cisco | IOS XE | Cisco IOS and IOS XE, refer to the vendor's site for the vulnerable versions (see the Documentation section) |
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "les points d\u0027acc\u00e8s g\u00e9r\u00e9s par les Catalyst s\u00e9ries 9800 versions 17.4.x \u00e0 17.6.x ant\u00e9rieures \u00e0 17.6.6", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Business Wireless AP versions ant\u00e9rieures \u00e0 10.6.2.0 sur les points d\u0027acc\u00e8s Business 150 et les r\u00e9p\u00e9teurs Mesh", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Business Wireless AP versions ant\u00e9rieures \u00e0 10.9.1.0 sur les points d\u0027acc\u00e8s Business 140, 141, 142, 143, 145 et 240 et les r\u00e9p\u00e9teurs Mesh", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "les points d\u0027acc\u00e8s g\u00e9r\u00e9s par les Catalyst s\u00e9ries 9800 versions 17.7.x \u00e0 17.9.x ant\u00e9rieures \u00e0 17.9.5", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Wireless LAN Controller (WLC) versions ant\u00e9rieures \u00e0 8.10.190.0 sur les points d\u0027acc\u00e8s g\u00e9r\u00e9s par WLC ou Mobility Express (ME)", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "les points d\u0027acc\u00e8s g\u00e9r\u00e9s par les Catalyst s\u00e9ries 9800 versions 17.10.x \u00e0 17.11.x ant\u00e9rieures \u00e0 17.12.2", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "les points d\u0027acc\u00e8s g\u00e9r\u00e9s par les Catalyst s\u00e9ries 9800 versions ant\u00e9rieures \u00e0 17.3.8", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco IOS et IOS XE, se r\u00e9f\u00e9rer au site de l\u0027\u00e9diteur pour les versions vuln\u00e9rables (cf. 
section Documentation)", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n", "cves": [ { "name": "CVE-2024-20271", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20271" }, { "name": "CVE-2024-20303", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20303" }, { "name": "CVE-2024-20313", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20313" }, { "name": "CVE-2024-20265", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20265" }, { "name": "CVE-2024-20311", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20311" }, { "name": "CVE-2024-20308", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20308" }, { "name": "CVE-2024-20307", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20307" }, { "name": "CVE-2024-20314", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20314" }, { "name": "CVE-2024-20276", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20276" }, { "name": "CVE-2024-20259", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20259" }, { "name": "CVE-2024-20312", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20312" } ], "initial_release_date": "2024-03-28T00:00:00", "last_revision_date": "2024-03-28T00:00:00", "links": [], "reference": "CERTFR-2024-AVI-0260", "revisions": [ { "description": "Version initiale", "revision_date": "2024-03-28T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s 
dans les produits Cisco", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ap-dos-h9TGGX6W du 27 mars 2024", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-dos-h9TGGX6W" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-dhcp-dos-T3CXPO9z du 27 mars 2024", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dhcp-dos-T3CXPO9z" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ios-xe-sda-edge-dos-qZWuWXWG du 27 mars 2024", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-sda-edge-dos-qZWuWXWG" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ikev1-NO2ccFWz du 27 mars 2024", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ikev1-NO2ccFWz" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ap-secureboot-bypass-zT5vJkSD du 27 mars 2024", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-secureboot-bypass-zT5vJkSD" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-lisp-3gYXs3qP du 27 mars 2024", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-lisp-3gYXs3qP" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-wlc-mdns-dos-4hv6pBGf du 27 mars 2024", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-mdns-dos-4hv6pBGf" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-isis-sGjyOUHX du 27 mars 2024", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-isis-sGjyOUHX" }, { "published_at": null, "title": "Bulletin de 
s\u00e9curit\u00e9 Cisco cisco-sa-ios-dos-Hq4d3tZG du 27 mars 2024", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-dos-Hq4d3tZG" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iosxe-ospf-dos-dR9Sfrxp du 27 mars 2024", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-ospf-dos-dR9Sfrxp" } ] }
CERTFR-2023-AVI-0878
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in Cisco IOS XE. They allow an attacker to cause arbitrary code execution, a security policy bypass and a privilege escalation.
These vulnerabilities are actively exploited.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "IOS XE versions 17.6.x ant\u00e9rieures \u00e0 17.6.6a", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "IOS XE sur Catalyst 3650 et 3850 versions 16.12.x ant\u00e9rieures \u00e0 16.12.10a", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "IOS XE versions 17.3.x ant\u00e9rieures \u00e0 17.3.8a", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "IOS XE versions 17.9.x ant\u00e9rieures \u00e0 17.9.4a", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n", "cves": [ { "name": "CVE-2023-20198", "url": "https://www.cve.org/CVERecord?id=CVE-2023-20198" }, { "name": "CVE-2023-20273", "url": "https://www.cve.org/CVERecord?id=CVE-2023-20273" } ], "initial_release_date": "2023-10-23T00:00:00", "last_revision_date": "2023-11-03T00:00:00", "links": [], "reference": "CERTFR-2023-AVI-0878", "revisions": [ { "description": "Version initiale", "revision_date": "2023-10-23T00:00:00.000000" }, { "description": "Les versions 17.6.6a et 16.12.10a sont disponibles.", "revision_date": "2023-10-30T00:00:00.000000" }, { "description": "La version 17.3.8a est disponible.", "revision_date": "2023-11-03T00:00:00.000000" } ], "risks": [ { "description": "Ex\u00e9cution de code arbitraire" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" }, { "description": "\u00c9l\u00e9vation de privil\u00e8ges" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Cisco IOS XE. 
Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire,\nun contournement de la politique de s\u00e9curit\u00e9 et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n\nCes vuln\u00e9rabilit\u00e9s sont activement exploit\u00e9es.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans Cisco IOS XE", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iosxe-webui-privesc-j22SaA4z du 16 octobre 2023", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z" } ] }
CERTFR-2023-AVI-0256
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in Cisco products. They allow an attacker to cause a remote denial of service, a privilege escalation, a security policy bypass and remote arbitrary code execution.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
Vendor | Product | Description | ||
---|---|---|---|---|
Cisco | N/A | Cisco Wireless LAN Controller versions 8.9.x and 8.10.x prior to 8.10.171.0 | ||
Cisco | N/A | Cisco Catalyst 9800 Series Wireless Controller versions prior to 16.12.8 | ||
Cisco | IOS | Cisco IOS, please refer to the vendor advisories to obtain the security patches for your product | ||
Cisco | N/A | Cisco Catalyst 9800 Series Wireless Controller versions 17.1.x to 17.3.x prior to 17.3.5 | ||
Cisco | N/A | Cisco DNA Center Release versions prior to 2.3.3.6 | ||
Cisco | N/A | Cisco Business 150 AP and 151 Mesh Extender versions prior to 10.3.2.0 | ||
Cisco | N/A | Cisco Catalyst 9800 Series Wireless Controller versions 17.4.x to 17.6.x prior to 17.6.3 | ||
Cisco | IOS XE | Cisco IOS XE SD-WAN, please refer to the vendor advisories to obtain the security patches for your product | ||
Cisco | N/A | Cisco Catalyst 9800 Series Wireless Controller versions 17.7.x prior to 17.8.x | ||
Cisco | IOS XE | Cisco IOS XE, please refer to the vendor advisories to obtain the security patches for your product | ||
Cisco | N/A | Cisco DNA Center Release versions 2.3.4.x prior to 2.3.5 |
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Cisco Wireless LAN Controller versions 8.9.x et 8.10.x ant\u00e9rieures \u00e0 8.10.171.0", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Catalyst 9800 Series Wireless Controller versions ant\u00e9rieures \u00e0 16.12.8", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco IOS, veuillez-vous r\u00e9f\u00e9rer aux avis \u00e9diteurs pour obtenir les correctifs de s\u00e9curit\u00e9 li\u00e9s \u00e0 votre produit", "product": { "name": "IOS", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Catalyst 9800 Series Wireless Controller versions 17.1.x \u00e0 17.3.x ant\u00e9rieures \u00e0 17.3.5", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco DNA Center Release versions ant\u00e9rieures \u00e0 2.3.3.6", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Business 150 AP and 151 Mesh Extender versions ant\u00e9rieures \u00e0 10.3.2.0", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Catalyst 9800 Series Wireless Controller versions 17.4.x \u00e0 17.6.x ant\u00e9rieures \u00e0 17.6.3", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco IOS XE SD-WAN, veuillez-vous r\u00e9f\u00e9rer aux avis \u00e9diteurs pour obtenir les correctifs de s\u00e9curit\u00e9 li\u00e9s \u00e0 votre produit", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Catalyst 9800 Series Wireless Controller versions 17.7.x ant\u00e9rieures \u00e0 17.8.x", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco IOS XE, veuillez-vous r\u00e9f\u00e9rer aux avis 
\u00e9diteurs pour obtenir les correctifs de s\u00e9curit\u00e9 li\u00e9s \u00e0 votre produit", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco DNA Center Release versions 2.3.4.x ant\u00e9rieures \u00e0 2.3.5", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n", "cves": [ { "name": "CVE-2023-20055", "url": "https://www.cve.org/CVERecord?id=CVE-2023-20055" }, { "name": "CVE-2023-20067", "url": "https://www.cve.org/CVERecord?id=CVE-2023-20067" }, { "name": "CVE-2023-20072", "url": "https://www.cve.org/CVERecord?id=CVE-2023-20072" }, { "name": "CVE-2023-20065", "url": "https://www.cve.org/CVERecord?id=CVE-2023-20065" }, { "name": "CVE-2023-20112", "url": "https://www.cve.org/CVERecord?id=CVE-2023-20112" }, { "name": "CVE-2023-20035", "url": "https://www.cve.org/CVERecord?id=CVE-2023-20035" } ], "initial_release_date": "2023-03-23T00:00:00", "last_revision_date": "2023-03-23T00:00:00", "links": [], "reference": "CERTFR-2023-AVI-0256", "revisions": [ { "description": "Version initiale", "revision_date": "2023-03-23T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" }, { "description": "\u00c9l\u00e9vation de privil\u00e8ges" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits \u003cspan\nclass=\"textit\"\u003eCisco\u003c/span\u003e. 
Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges, un\ncontournement de la politique de s\u00e9curit\u00e9 et une ex\u00e9cution de code\narbitraire \u00e0 distance.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-dnac-privesc-QFXe74RS du 22 mars 2023", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-privesc-QFXe74RS" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iox-priv-escalate-Xg8zkyPk du 22 mars 2023", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-priv-escalate-Xg8zkyPk" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ios-xe-sdwan-VQAhEjYw du 22 mars 2023", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-sdwan-VQAhEjYw" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ap-assoc-dos-D2SunWK2 du 22 mars 2023", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-assoc-dos-D2SunWK2" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-c9300-spi-ace-yejYgnNQ du 22 mars 2023", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-c9300-spi-ace-yejYgnNQ" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ios-dhcpv6-dos-44cMvdDK du 22 mars 2023", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-dhcpv6-dos-44cMvdDK" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ewlc-dos-wFujBHKw du 22 mars 2023", "url": 
"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-dos-wFujBHKw" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ipv4-vfr-dos-CXxtFacb du 22 mars 2023", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipv4-vfr-dos-CXxtFacb" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ios-gre-crash-p6nE5Sq5 du 22 mars 2023", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-gre-crash-p6nE5Sq5" } ] }
CERTFR-2023-AVI-0083
Vulnerability from certfr_avis
A vulnerability has been discovered in Cisco IOx. It allows an attacker to cause remote arbitrary code execution.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
Vendor | Product | Description | ||
---|---|---|---|---|
Cisco | IOS XE | IOS XE versions prior to 17.6.5, 17.9.2 and 17.10.1 (for more information, refer to the checker tool in the Cisco IOS and IOS XE Software section of the vendor's bulletin) | ||
Cisco | N/A | Cisco 800 Series Industrial Integrated Services Routers versions prior to 15.9(3)M7 | ||
Cisco | N/A | IR510 WPAN industrial routers without the latest patch planned for February 2023 | ||
Cisco | N/A | Catalyst access points (COS-APs) versions prior to 17.3.8, 17.9.2 and 17.11.1 | ||
Cisco | N/A | IC3000 Industrial Compute Gateways versions prior to 1.2.1 | ||
Cisco | N/A | CGR1000 Compute Modules without the latest patch planned for February 2023 |
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "IOS XE versions ant\u00e9rieures \u00e0 17.6.5, 17.9.2 et 17.10.1 (pour plus d\u0027informations, se r\u00e9f\u00e9rer \u00e0 l\u0027automate de v\u00e9rification de la section Cisco IOS and IOS XE Software du bulletin de l\u0027\u00e9diteur)", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Routeurs industriels \u00e0 service int\u00e9gr\u00e9s Cisco s\u00e9ries 800 versions ant\u00e9rieures \u00e0 15.9(3)M7", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Routeurs industriels IR510 WPAN sans le dernier correctif pr\u00e9vu pour f\u00e9vrier 2023", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Points d\u0027acc\u00e8s Catalysts (COS-APs) versions ant\u00e9rieures \u00e0 17.3.8, 17.9.2 et 17.11.1", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "IC3000 Industrial Compute Gateways versions ant\u00e9rieures \u00e0 1.2.1", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "CGR1000 Compute Modules sans le dernier correctif pr\u00e9vu pour f\u00e9vrier 2023", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. 
section Documentation).\n", "cves": [ { "name": "CVE-2023-20076", "url": "https://www.cve.org/CVERecord?id=CVE-2023-20076" } ], "initial_release_date": "2023-02-02T00:00:00", "last_revision_date": "2023-02-02T00:00:00", "links": [], "reference": "CERTFR-2023-AVI-0083", "revisions": [ { "description": "Version initiale", "revision_date": "2023-02-02T00:00:00.000000" } ], "risks": [ { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" } ], "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Cisco IOx. Elle permet \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.\n", "title": "Vuln\u00e9rabilit\u00e9 dans Cisco IOx", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iox-8whGn5dL du 01 f\u00e9vrier 2023", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-8whGn5dL" } ] }
CERTFR-2022-AVI-863
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in Cisco products. Some of them allow an attacker to cause arbitrary code execution, a remote denial of service and a security policy bypass.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
Vendor | Product | Description | ||
---|---|---|---|---|
Cisco | IOS XE | Cisco IOS XE without the latest patch | ||
Cisco | N/A | ASR 1000 series Embedded Services Processors models ESP 100-X and ESP 200-X | ||
Cisco | IOS XE | Catalyst 9800 series Wireless Controllers without the latest Cisco IOS XE patch | ||
Cisco | IOS XE | Catalyst 3850 series without the latest Cisco IOS XE patch | ||
Cisco | N/A | Cisco SD-WAN versions 20.7.x prior to 20.7.2 | ||
Cisco | IOS | Cisco IOS without the latest patch | ||
Cisco | IOS XE | Catalyst 3650 series without the latest Cisco IOS XE patch | ||
Cisco | IOS XE | Catalyst 9400 series without the latest Cisco IOS XE patch | ||
Cisco | IOS XE | Catalyst 9100 series without the latest Cisco IOS XE patch | ||
Cisco | IOS XE | Catalyst 9600 series without the latest Cisco IOS XE patch | ||
Cisco | IOS XE | Catalyst 9800-CL Wireless Controllers for Cloud without the latest Cisco IOS XE patch | ||
Cisco | IOS XE | Catalyst 9500 series without the latest Cisco IOS XE patch | ||
Cisco | IOS XE | Catalyst 9300 series without the latest Cisco IOS XE patch | ||
Cisco | N/A | Catalyst 8500 series Edge Platforms models C8500-12X4QC and C8500-12X | ||
Cisco | IOS XE | Catalyst 9800 Embedded Wireless Controllers for the Catalyst 9300, 9400 and 9500 series without the latest Cisco IOS XE patch | ||
Cisco | N/A | Cisco WLC AireOS versions prior to 8.10.171.0 | ||
Cisco | N/A | Cisco SD-WAN versions prior to 20.6.4 | ||
Cisco | N/A | Cisco SD-WAN versions 20.8.x prior to 20.8.1 |
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Cisco IOS XE sans le dernier correctif", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "ASR gamme 1000 Embedded Services Processors models ESP 100-X et ESP 200-X", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Catalyst gamme 9800 Wireless Controllers sans le dernier correctif de Cisco IOS XE", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Catalyst gamme 3850 sans le dernier correctif de Cisco IOS XE", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco SD-WAN versions 20.7.x ant\u00e9rieures \u00e0 20.7.2", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco IOS sans le dernier correctif", "product": { "name": "IOS", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Catalyst gamme 3650 sans le dernier correctif de Cisco IOS XE", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Catalyst gamme 9400 sans le dernier correctif de Cisco IOS XE", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Catalyst gamme 9100 sans le dernier correctif de Cisco IOS XE", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Catalyst gamme 9600 sans le dernier correctif de Cisco IOS XE", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Catalyst 9800-CL Wireless Controllers pour Cloud sans le dernier correctif de Cisco IOS XE", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Catalyst gamme 9500 sans le dernier correctif de Cisco IOS XE", "product": { "name": "IOS XE", 
"vendor": { "name": "Cisco", "scada": false } } }, { "description": "Catalyst gamme 9300 sans le dernier correctif de Cisco IOS XE", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Catalyst gamme 8500 Edge Platforms models C8500-12X4QC et C8500-12X", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Catalyst 9800 Embedded Wireless Controllers pour les gammes Catalyst 9300, 9400, et 9500 sans le dernier correctif de Cisco IOS XE", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco WLC AireOS versions ant\u00e9rieures \u00e0 8.10.171.0", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco SD-WAN versions ant\u00e9rieures \u00e0 20.6.4", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco SD-WAN versions 20.8.x ant\u00e9rieures \u00e0 20.8.1", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. 
section Documentation).\n", "cves": [ { "name": "CVE-2022-20769", "url": "https://www.cve.org/CVERecord?id=CVE-2022-20769" }, { "name": "CVE-2022-20837", "url": "https://www.cve.org/CVERecord?id=CVE-2022-20837" }, { "name": "CVE-2022-20848", "url": "https://www.cve.org/CVERecord?id=CVE-2022-20848" }, { "name": "CVE-2022-20915", "url": "https://www.cve.org/CVERecord?id=CVE-2022-20915" }, { "name": "CVE-2022-20847", "url": "https://www.cve.org/CVERecord?id=CVE-2022-20847" }, { "name": "CVE-2022-20855", "url": "https://www.cve.org/CVERecord?id=CVE-2022-20855" }, { "name": "CVE-2022-20919", "url": "https://www.cve.org/CVERecord?id=CVE-2022-20919" }, { "name": "CVE-2022-20775", "url": "https://www.cve.org/CVERecord?id=CVE-2022-20775" }, { "name": "CVE-2022-20870", "url": "https://www.cve.org/CVERecord?id=CVE-2022-20870" }, { "name": "CVE-2022-20920", "url": "https://www.cve.org/CVERecord?id=CVE-2022-20920" }, { "name": "CVE-2022-20856", "url": "https://www.cve.org/CVERecord?id=CVE-2022-20856" }, { "name": "CVE-2022-20818", "url": "https://www.cve.org/CVERecord?id=CVE-2022-20818" }, { "name": "CVE-2022-20945", "url": "https://www.cve.org/CVERecord?id=CVE-2022-20945" }, { "name": "CVE-2022-20944", "url": "https://www.cve.org/CVERecord?id=CVE-2022-20944" } ], "initial_release_date": "2022-09-29T00:00:00", "last_revision_date": "2022-09-29T00:00:00", "links": [], "reference": "CERTFR-2022-AVI-863", "revisions": [ { "description": "Version initiale", "revision_date": "2022-09-29T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Ex\u00e9cution de code arbitraire" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" }, { "description": "\u00c9l\u00e9vation de privil\u00e8ges" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code 
arbitraire, un d\u00e9ni de service \u00e0 distance et un\ncontournement de la politique de s\u00e9curit\u00e9.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iosxe-6vpe-dos-tJBtf5Zv du 28 septembre 2022", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-6vpe-dos-tJBtf5Zv" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-sd-wan-priv-E6e8tEdF du 28 septembre 2022", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-priv-E6e8tEdF" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-alg-dos-KU9Z8kFX du 28 septembre 2022", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-alg-dos-KU9Z8kFX" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ios-xe-cat-verify-D4NEQA6q du 28 septembre 2022", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-cat-verify-D4NEQA6q" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ewc-priv-esc-nderYLtK du 28 septembre 2022", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewc-priv-esc-nderYLtK" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-wlc-udp-dos-XDyEwhNz du 28 septembre 2022", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-udp-dos-XDyEwhNz" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iosxe-mpls-dos-Ab4OUL3 du 28 septembre 2022", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-mpls-dos-Ab4OUL3" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-wlc-dos-mKGRrsCB du 28 septembre 2022", 
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-dos-mKGRrsCB" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iosxe-cip-dos-9rTbKLt9 du 28 septembre 2022", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-cip-dos-9rTbKLt9" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ap-assoc-dos-EgVqtON8 du 28 septembre 2022", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-assoc-dos-EgVqtON8" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ssh-excpt-dos-FzOBQTnk du 28 septembre 2022", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssh-excpt-dos-FzOBQTnk" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-wlc-dhcp-dos-76pCjPxK du 28 septembre 2022", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-dhcp-dos-76pCjPxK" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-c9800-mob-dos-342YAc6J du 28 septembre 2022", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-c9800-mob-dos-342YAc6J" } ] }
CERTFR-2022-AVI-338
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in Cisco products. Some of them allow an attacker to cause arbitrary code execution, remote denial of service and a security policy bypass.
Solution
Refer to the vendor's security advisory to obtain the fixes and workarounds (see the Documentation section).
Vendor | Product | Description | ||
---|---|---|---|---|
Cisco | IOS | Cisco IOS with a specific HTTP Server configuration described in the vendor's security advisory | ||
Cisco | N/A | Cisco Wireless LAN Controller versions 8.10.151.0 and later prior to 8.10.171.0 | ||
Cisco | IOS | Cisco IOS Software versions 15.2(7)E.x prior to 15.2(7)E5 | ||
Cisco | IOS | Cisco IOS Software versions 15.2(8)E.x prior to 15.2(8)E1 | ||
Cisco | N/A | Cisco Catalyst 9400 Series switches | ||
Cisco | N/A | Cisco SD-WAN versions 20.7.x prior to 20.7.1 | ||
Cisco | N/A | Cisco 1000 Series Integrated Services Routers | ||
Cisco | N/A | Cisco Embedded Wireless Controller with Catalyst Access Points software versions 17.3.x prior to 17.3.4 | ||
Cisco | N/A | Cisco 4000 Series Integrated Services Routers | ||
Cisco | IOS XR | Cisco IOS XR versions 7.3.x prior to 7.3.2 | ||
Cisco | IOS XE | Cisco IOS XE between the 3SE and 3E version series | ||
Cisco | IOS XR | Cisco IOS XR version 7.1.2 without SMU asr9k-x64-7.1.2.CSCvy48962 or service pack asr9k-px-7.1.2.k9-sp1.tar | ||
Cisco | N/A | Cisco Catalyst 9300 Series switches | ||
Cisco | N/A | Cisco Embedded Wireless Controller with Catalyst Access Points software versions 17.6.x prior to 17.6.1 | ||
Cisco | N/A | Cisco Catalyst 8300 Series routers | ||
Cisco | N/A | Cisco Catalyst 9800 Series Wireless Controllers | ||
Cisco | N/A | Cisco 1000 Series Connected Grid Router (CGR1K) | ||
Cisco | N/A | Cisco Cloud Services Router 1000V Series | ||
Cisco | N/A | Cisco Catalyst 9800 Embedded Wireless Controllers for Catalyst 9300, 9400 and 9500 Series switches | ||
Cisco | N/A | Cisco ASR 1001-X routers | ||
Cisco | N/A | Cisco Catalyst 9500 Series switches | ||
Cisco | N/A | Cisco ASR 1002-X routers | ||
Cisco | IOS XE | Cisco IOS XE versions prior to 17.3.1 | ||
Cisco | N/A | Cisco Embedded Wireless Controllers on Catalyst Access Points | ||
Cisco | N/A | Cisco Catalyst 8000V Edge Software | ||
Cisco | N/A | Cisco Catalyst 9800-CL Wireless Controllers for Cloud | ||
Cisco | N/A | Cisco Catalyst 8500 Series routers | ||
Cisco | IOS XR | Cisco IOS XR version 7.1.3 without SMU asr9k-x64-7.1.3.CSCvz75757 | ||
Cisco | N/A | Cisco SD-WAN versions 20.6.x prior to 20.6.1 |
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Cisco IOS avec une configuration HTTP Server sp\u00e9cifique d\u00e9crite dans l\u0027avis de s\u00e9curit\u00e9 de l\u0027\u00e9diteur", "product": { "name": "IOS", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Wireless LAN Controller versions 8.10.151.0 et suivantes ant\u00e9rieures \u00e0 8.10.171.0", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco logiciel IOS versions 15.2(7)E.x ant\u00e9rieures \u00e0 15.2(7)E5", "product": { "name": "IOS", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco logiciel IOS versions 15.2(8)E.x ant\u00e9rieures \u00e0 15.2(8)E1", "product": { "name": "IOS", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco gamme de commutateurs Catalyst 9400", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco SD-WAN versions 20.7.x ant\u00e9rieures \u00e0 20.7.1", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco 1000 Series Integrated Services Routers", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Embedded Wireless Controller avec le logiciel Catalyst Access Points versions 17.3.x ant\u00e9rieures \u00e0 17.3.4", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco 4000 Series Integrated Services Routers", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco IOS XR versions 7.3.x ant\u00e9rieures \u00e0 7.3.2", "product": { "name": "IOS XR", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco IOS XE entre les s\u00e9ries de versions 3SE et 3E", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } }, { "description": 
"Cisco IOS XR versions 7.1.2 sans le SMU asr9k-x64-7.1.2.CSCvy48962 ou le service pack asr9k-px-7.1.2.k9-sp1.tar", "product": { "name": "IOS XR", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco gamme de commutateurs Catalyst 9300", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Embedded Wireless Controller avec le logiciel Catalyst Access Points versions 17.6.x ant\u00e9rieures \u00e0 17.6.1", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco gamme de routeurs Catalyst 8300", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Catalyst 9800 Series Wireless Controllers", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco 1000 Series Connected Grid Router (CGR1K)", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Cloud Services Router 1000V Series", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Catalyst 9800 Embedded Wireless Controllers pour la gamme de commutateurs Catalyst 9300, 9400 et 9500", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco routeurs ASR 1001-X", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco gamme de commutateurs Catalyst 9500", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco routeurs ASR 1002-X", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco IOS XE versions ant\u00e9rieures \u00e0 17.3.1", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Embedded Wireless Controllers sur Catalyst Access Points", "product": { "name": "N/A", 
"vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco logiciel Catalyst 8000V Edge", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Catalyst 9800-CL Wireless Controllers pour le Cloud", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco gamme de routeurs Catalyst 8500", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco IOS XR versions 7.1.3 sans le SMU asr9k-x64-7.1.3.CSCvz75757", "product": { "name": "IOS XR", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco SD-WAN versions 20.6.x ant\u00e9rieures \u00e0 20.6.1", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs et des mesures de contournement (cf. 
section Documentation).\n", "cves": [ { "name": "CVE-2022-20683", "url": "https://www.cve.org/CVERecord?id=CVE-2022-20683" }, { "name": "CVE-2022-20739", "url": "https://www.cve.org/CVERecord?id=CVE-2022-20739" }, { "name": "CVE-2022-20716", "url": "https://www.cve.org/CVERecord?id=CVE-2022-20716" }, { "name": "CVE-2022-20761", "url": "https://www.cve.org/CVERecord?id=CVE-2022-20761" }, { "name": "CVE-2022-20678", "url": "https://www.cve.org/CVERecord?id=CVE-2022-20678" }, { "name": "CVE-2022-20681", "url": "https://www.cve.org/CVERecord?id=CVE-2022-20681" }, { "name": "CVE-2022-20731", "url": "https://www.cve.org/CVERecord?id=CVE-2022-20731" }, { "name": "CVE-2022-20695", "url": "https://www.cve.org/CVERecord?id=CVE-2022-20695" }, { "name": "CVE-2022-20684", "url": "https://www.cve.org/CVERecord?id=CVE-2022-20684" }, { "name": "CVE-2022-20692", "url": "https://www.cve.org/CVERecord?id=CVE-2022-20692" }, { "name": "CVE-2022-20622", "url": "https://www.cve.org/CVERecord?id=CVE-2022-20622" }, { "name": "CVE-2022-20697", "url": "https://www.cve.org/CVERecord?id=CVE-2022-20697" }, { "name": "CVE-2022-20661", "url": "https://www.cve.org/CVERecord?id=CVE-2022-20661" }, { "name": "CVE-2022-20714", "url": "https://www.cve.org/CVERecord?id=CVE-2022-20714" }, { "name": "CVE-2022-20682", "url": "https://www.cve.org/CVERecord?id=CVE-2022-20682" } ], "initial_release_date": "2022-04-14T00:00:00", "last_revision_date": "2022-04-14T00:00:00", "links": [], "reference": "CERTFR-2022-AVI-338", "revisions": [ { "description": "Version initiale", "revision_date": "2022-04-14T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Ex\u00e9cution de code arbitraire" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" }, { "description": "\u00c9l\u00e9vation de privil\u00e8ges" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont 
\u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un d\u00e9ni de service \u00e0 distance et un\ncontournement de la politique de s\u00e9curit\u00e9.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-c9800-snmp-trap-dos-mjent3Ey du 13 avril 2022", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-c9800-snmp-trap-dos-mjent3Ey" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ewlc-priv-esc-ybvHKO5 du 13 avril 2022", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-priv-esc-ybvHKO5" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ncossh-dos-ZAkfOdq8 du 13 avril 2022", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ncossh-dos-ZAkfOdq8" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-c9800-fnf-dos-bOL5vLge du 13 avril 2022", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-c9800-fnf-dos-bOL5vLge" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-cdb-cmicr-vulns-KJjFtNb du 13 avril 2022", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cdb-cmicr-vulns-KJjFtNb" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-sdwan-privesc-vman-tEJFpBSL du 13 avril 2022", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-privesc-vman-tEJFpBSL" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-lsplus-Z6AQEOjk du 13 avril 2022", "url": 
"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-lsplus-Z6AQEOjk" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-c9800-capwap-mdns-6PSn7gKU du 13 avril 2022", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-c9800-capwap-mdns-6PSn7gKU" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-sd-wan-file-access-VW36d28P du 13 avril 2022", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-file-access-VW36d28P" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ap-ip-flood-dos-6hxxENVQ du 13 avril 2022", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-ip-flood-dos-6hxxENVQ" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-wlc-auth-bypass-JRNhV4fF du 13 avril 2022", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-auth-bypass-JRNhV4fF" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-appnav-xe-dos-j5MXTR4 du 13 avril 2022", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appnav-xe-dos-j5MXTR4" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-http-dos-svOdkdBS du 13 avril 2022", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-dos-svOdkdBS" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-cgr1k-ap-dos-mSZR4QVh du 13 avril 2022", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cgr1k-ap-dos-mSZR4QVh" } ] }
CERTFR-2022-AVI-060
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in Cisco products. Some of them allow an attacker to cause remote arbitrary code execution, remote denial of service and a security policy bypass.
Solution
Refer to the vendor's security advisory to obtain the fixes (see the Documentation section).
Vendor | Product | Description | ||
---|---|---|---|---|
Cisco | ConfD | ConfD versions 6.4.x prior to 6.4.7.2 and 6.4.8 | ||
Cisco | Firepower Threat Defense | Cisco Firepower Threat Defense (FTD) Software versions prior to 6.4.13 | ||
Cisco | N/A | Cybervision Software versions prior to 4.0.2 | ||
Cisco | IOS XR | Cisco IOS XR (64-bit) Software versions prior to 7.0.2, 7.1.1 | ||
Cisco | N/A | Cisco Virtual Topology System (VTS) versions prior to 2.6.5 | ||
Cisco | N/A | Cisco SD-WAN vEdge Routers versions prior to 18.4.4, 19.2.1, 19.3.0, 20.1.1 | ||
Cisco | N/A | Cisco Carrier Packet Transport all versions (no fix will be released because the product is end of life) | ||
Cisco | N/A | Cisco Enterprise NFV Infrastructure Software (NFVIS) versions prior to 3.12.1 | ||
Cisco | ConfD | ConfD versions 6.7.x prior to 6.7.1 | ||
Cisco | N/A | Cisco SD-WAN vSmart Software versions prior to 18.4.4, 19.2.1, 19.3.0, 20.1.1 | ||
Cisco | ConfD | ConfD versions prior to 6.3.9.1 | ||
Cisco | Firepower Threat Defense | Cisco Firepower Threat Defense (FTD) Software versions 6.7.x and 7.0.x prior to 7.0.1 | ||
Cisco | N/A | Cisco Network Services Orchestrator (NSO) versions prior to 4.3.9.1, 4.4.5.6, 4.4.8, 4.5.7, 4.6.1.7, 4.6.2, 4.7.1, 5.1.0.1, 5.2 | ||
Cisco | ConfD | ConfD versions 6.6.x prior to 6.6.2 | ||
Cisco | SD-WAN vManage | Cisco SD-WAN vManage Software versions prior to 18.4.4, 19.2.1, 19.3.0, 20.1.1 | ||
Cisco | N/A | Cisco Ultra Gateway Platform versions prior to 6.15.0 | ||
Cisco | IOS XE | Cisco IOS XE SD-WAN versions prior to 16.10.2, 16.12.1b, 17.2.1r | ||
Cisco | Meraki MX | Meraki MX Series Software all versions | ||
Cisco | N/A | Cisco SD-WAN vBond Software versions prior to 18.4.4, 19.2.1, 19.3.0, 20.1.1 | ||
Cisco | Firepower Threat Defense | Cisco Firepower Threat Defense (FTD) Software versions 6.5.x and 6.6.x prior to 6.6.5.1 | ||
Cisco | N/A | Cisco RCM for StarOS versions prior to 21.25.4 | ||
Cisco | N/A | Cisco Network Convergence System (NCS) 4009, 4016 versions prior to 6.5.32 | ||
Cisco | ConfD | ConfD versions 6.5.x prior to 6.5.7 |
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "ConfD versions 6.4.x ant\u00e9rieures \u00e0 6.4.7.2 et 6.4.8", "product": { "name": "ConfD", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Firepower Threat Defense (FTD) Software versions ant\u00e9rieures \u00e0 6.4.13", "product": { "name": "Firepower Threat Defense", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cybervision Software versions ant\u00e9rieures \u00e0 4.0.2", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco IOS XR (64-bit) Software versions ant\u00e9rieures \u00e0 7.0.2, 7.1.1", "product": { "name": "IOS XR", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Virtual Topology System (VTS) versions ant\u00e9rieures \u00e0 2.6.5", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco SD-WAN vEdge Routers versions ant\u00e9rieures \u00e0 18.4.4, 19.2.1, 19.3.0, 20.1.1", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Carrier Packet Transport toutes versions (aucun correctif ne sera publi\u00e9 car le produit est en fin de vie)", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Enterprise NFV Infrastructure Software (NFVIS) versions ant\u00e9rieures \u00e0 3.12.1", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "ConfD versions 6.7.x ant\u00e9rieures \u00e0 6.7.1", "product": { "name": "ConfD", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco SD-WAN vSmart Software versions ant\u00e9rieures \u00e0 18.4.4, 19.2.1, 19.3.0, 20.1.1", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "ConfD versions ant\u00e9rieures \u00e0 6.3.9.1", "product": { "name": "ConfD", 
"vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Firepower Threat Defense (FTD) Software versions 6.7.x et 7.0.x ant\u00e9rieures \u00e0 7.0.1", "product": { "name": "Firepower Threat Defense", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Network Services Orchestrator (NSO) versions ant\u00e9rieures \u00e0 4.3.9.1, 4.4.5.6, 4.4.8, 4.5.7, 4.6.1.7, 4.6.2, 4.7.1, 5.1.0.1, 5.2", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "ConfD versions 6.6.x ant\u00e9rieures \u00e0 6.6.2", "product": { "name": "ConfD", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco SD-WAN vManage Software versions ant\u00e9rieures \u00e0 18.4.4, 19.2.1, 19.3.0, 20.1.1", "product": { "name": "SD-WAN vManage", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Ultra Gateway Platform versions ant\u00e9rieures \u00e0 6.15.0", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco IOS XE SD-WAN versions ant\u00e9rieures \u00e0 16.10.2, 16.12.1b, 17.2.1r", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Meraki MX Series Software toutes versions", "product": { "name": "Meraki MX", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco SD-WAN vBond Software versions ant\u00e9rieures \u00e0 18.4.4, 19.2.1, 19.3.0, 20.1.1", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Firepower Threat Defense (FTD) Software versions 6.5.x et 6.6.x ant\u00e9rieures \u00e0 6.6.5.1", "product": { "name": "Firepower Threat Defense", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco RCM pour StarOS versions ant\u00e9rieures \u00e0 21.25.4", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Network Convergence System (NCS) 
4009, 4016 versions ant\u00e9rieures \u00e0 6.5.32", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "ConfD versions 6.5.x ant\u00e9rieures \u00e0 6.5.7", "product": { "name": "ConfD", "vendor": { "name": "Cisco", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n", "cves": [ { "name": "CVE-2022-20649", "url": "https://www.cve.org/CVERecord?id=CVE-2022-20649" }, { "name": "CVE-2022-20655", "url": "https://www.cve.org/CVERecord?id=CVE-2022-20655" }, { "name": "CVE-2022-20648", "url": "https://www.cve.org/CVERecord?id=CVE-2022-20648" }, { "name": "CVE-2022-20685", "url": "https://www.cve.org/CVERecord?id=CVE-2022-20685" } ], "initial_release_date": "2022-01-20T00:00:00", "last_revision_date": "2022-01-21T00:00:00", "links": [], "reference": "CERTFR-2022-AVI-060", "revisions": [ { "description": "Version initiale", "revision_date": "2022-01-20T00:00:00.000000" }, { "description": "Ajout de la CVE-2022-20648", "revision_date": "2022-01-21T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 
Cisco cisco-sa-cli-cmdinj-4MttWZPB du 19 janvier 2022", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cli-cmdinj-4MttWZPB" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-snort-dos-9D3hJLuj du 19 janvier 2022", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-dos-9D3hJLuj" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-confdcli-cmdinj-wybQDSSh du 19 janvier 2022", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-confdcli-cmdinj-wybQDSSh" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-rcm-vuls-7cS3Nuq du 19 janvier 2022", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rcm-vuls-7cS3Nuq" } ] }
CERTFR-2021-AVI-809
Vulnerability from certfr_avis
A vulnerability has been discovered in Cisco IOS XE SD-WAN. It allows an attacker to cause a privilege escalation.
Solution
Refer to the vendor's security advisory to obtain the fixes (see the Documentation section).
Vendor | Product | Description | ||
---|---|---|---|---|
Cisco | IOS XE | Cisco IOS XE versions 17.3.x prior to 17.3.4 | ||
Cisco | IOS XE | Cisco IOS XE versions 17.6.x prior to 17.6.1 | ||
Cisco | IOS XE | Cisco IOS XE versions 17.5.x prior to 17.5.1a | ||
Cisco | IOS XE | Cisco IOS XE versions 17.2.x prior to 17.2.3 | ||
Cisco | IOS XE | Cisco IOS XE versions 17.4.x prior to 17.4.2 |
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Cisco IOS XE versions 17.3.x ant\u00e9rieures \u00e0 17.3.4", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco IOS XE versions 17.6.x ant\u00e9rieures \u00e0 17.6.1", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco IOS XE versions 17.5.x ant\u00e9rieures \u00e0 17.5.1a", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco IOS XE versions 17.2.x ant\u00e9rieures \u00e0 17.2.3", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco IOS XE versions 17.4.x ant\u00e9rieures \u00e0 17.4.2", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n", "cves": [ { "name": "CVE-2021-1529", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1529" } ], "initial_release_date": "2021-10-21T00:00:00", "last_revision_date": "2021-10-21T00:00:00", "links": [], "reference": "CERTFR-2021-AVI-809", "revisions": [ { "description": "Version initiale", "revision_date": "2021-10-21T00:00:00.000000" } ], "risks": [ { "description": "\u00c9l\u00e9vation de privil\u00e8ges" } ], "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Cisco IOS XE SD-WAN. 
Elle permet\n\u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges.\n", "title": "Vuln\u00e9rabilit\u00e9 dans Cisco IOS XE SD-WAN", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-sd-wan-rhpbE34A du 20 octobre 2021", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-rhpbE34A" } ] }
CERTFR-2021-AVI-728
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in Cisco products. Some of them allow an attacker to cause remote arbitrary code execution, remote denial of service and a data integrity compromise.
Solution
Refer to the vendor's security advisory to obtain the fixes (see the Documentation section).
Vendor | Product | Description | ||
---|---|---|---|---|
Cisco | IOS XE | Cisco IOS XE SD-WAN Software | ||
Cisco | N/A | Cisco Catalyst IW6300 Heavy Duty Series APs | ||
Cisco | N/A | Cisco Catalyst 9100 APs | ||
Cisco | N/A | Cisco Aironet 2800 Series APs | ||
Cisco | N/A | Cisco 1000 Integrated Services Routers (ISRs) | ||
Cisco | N/A | Cisco Aironet 1540 Series APs | ||
Cisco | IOS XE | Cisco IOS XE Software | ||
Cisco | N/A | Cisco Aironet 1800 Series APs | ||
Cisco | N/A | Cisco 4000 Series ISRs | ||
Cisco | N/A | Cisco cBR-8 Converged Broadband Routers | ||
Cisco | N/A | Cisco Aironet 4800 APs | ||
Cisco | N/A | Cisco Embedded Wireless Controller on Catalyst Access Points | ||
Cisco | N/A | Cisco Catalyst 9800 Embedded Wireless Controller for Catalyst 9300, 9400, and 9500 Series Switches | ||
Cisco | N/A | Cisco 6300 Series Embedded Services APs | ||
Cisco | N/A | Cisco Aironet 1560 Series | ||
Cisco | N/A | Cisco Cloud Services Router (CSR) 1000V Series | ||
Cisco | N/A | Cisco Integrated APs on 1100 Integrated Services Routers (ISRs) | ||
Cisco | IOS | Cisco IOS | ||
Cisco | N/A | Cisco Catalyst IW 6300 APs | ||
Cisco | N/A | Cisco Catalyst 9800 Series Wireless Controllers | ||
Cisco | N/A | Cisco Cloud Services Router 1000V Series | ||
Cisco | N/A | Cisco Catalyst 9800 Wireless Controller for Cloud | ||
Cisco | N/A | Cisco Integrated Services Virtual (ISRv) Routers | ||
Cisco | N/A | Cisco Aironet 3800 Series APs | ||
Cisco | N/A | Cisco ASR 1000 Series Aggregation Services Routers | ||
Cisco | N/A | Cisco 1000 Series Integrated Services Routers (ISRs) | ||
Cisco | N/A | Cisco Catalyst 9800 Wireless Controllers | ||
Cisco | N/A | Cisco Aironet 1800 APs | ||
Cisco | N/A | Cisco Catalyst 9800-CL Wireless Controllers for Cloud | ||
Cisco | N/A | Cisco EWC Software for Catalyst APs | ||
Cisco | N/A | Cisco Catalyst 9800 Wireless Controllers for Cloud | ||
Cisco | N/A | Cisco Integrated Access Point on 1100 Integrated Services Routers | ||
Cisco | N/A | Cisco Aironet 1540 Series | ||
Cisco | N/A | Cisco ESW6300 Series APs | ||
Cisco | N/A | Cisco Aironet 1560 Series APs |
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Cisco IOS XE SD-WAN Software", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Catalyst IW6300 Heavy Duty Series APs", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Catalyst 9100 APs", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Aironet 2800 Series APs", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco 1000 Integrated Services Routers (ISRs)", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Aironet 1540 Series APs", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco IOS XE Software", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Aironet 1800 Series APs", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco 4000 Series ISRs", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco cBR-8 Converged Broadband Routers", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Aironet 4800 APs", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Embedded Wireless Controller on Catalyst Access Points", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Catalyst 9800 Embedded Wireless Controller for Catalyst 9300, 9400, and 9500 Series Switches", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco 6300 Series Embedded Services APs", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": 
false } } }, { "description": "Cisco Aironet 1560 Series", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Cloud Services Router (CSR) 1000V Series", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Integrated APs on 1100 Integrated Services Routers (ISRs)", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco IOS", "product": { "name": "IOS", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Catalyst IW 6300 APs", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Catalyst 9800 Series Wireless Controllers", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Cloud Services Router 1000V Series", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Catalyst 9800 Wireless Controller for Cloud", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Integrated Services Virtual (ISRv) Routers", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Aironet 3800 Series APs", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco ASR 1000 Series Aggregation Services Routers", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco 1000 Series Integrated Services Routers (ISRs)", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Catalyst 9800 Wireless Controllers", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Aironet 1800 APs", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Catalyst 9800-CL 
Wireless Controllers for Cloud", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco EWC Software for Catalyst APs", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Catalyst 9800 Wireless Controllers for Cloud", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Integrated Access Point on 1100 Integrated Services Routers", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Aironet 1540 Series", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco ESW6300 Series APs", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Aironet 1560 Series APs", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. 
section Documentation).\n", "cves": [ { "name": "CVE-2021-1565", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1565" }, { "name": "CVE-2021-34769", "url": "https://www.cve.org/CVERecord?id=CVE-2021-34769" }, { "name": "CVE-2021-34770", "url": "https://www.cve.org/CVERecord?id=CVE-2021-34770" }, { "name": "CVE-2021-1621", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1621" }, { "name": "CVE-2021-1419", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1419" }, { "name": "CVE-2021-1615", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1615" }, { "name": "CVE-2021-34727", "url": "https://www.cve.org/CVERecord?id=CVE-2021-34727" }, { "name": "CVE-2021-34699", "url": "https://www.cve.org/CVERecord?id=CVE-2021-34699" }, { "name": "CVE-2021-34768", "url": "https://www.cve.org/CVERecord?id=CVE-2021-34768" }, { "name": "CVE-2021-1611", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1611" }, { "name": "CVE-2021-34740", "url": "https://www.cve.org/CVERecord?id=CVE-2021-34740" }, { "name": "CVE-2021-1620", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1620" }, { "name": "CVE-2021-34767", "url": "https://www.cve.org/CVERecord?id=CVE-2021-34767" }, { "name": "CVE-2021-1623", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1623" }, { "name": "CVE-2021-1624", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1624" }, { "name": "CVE-2021-1622", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1622" }, { "name": "CVE-2021-34705", "url": "https://www.cve.org/CVERecord?id=CVE-2021-34705" }, { "name": "CVE-2021-1619", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1619" } ], "initial_release_date": "2021-09-23T00:00:00", "last_revision_date": "2021-09-23T00:00:00", "links": [], "reference": "CERTFR-2021-AVI-728", "revisions": [ { "description": "Version initiale", "revision_date": "2021-09-23T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { 
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" }, { "description": "\u00c9l\u00e9vation de privil\u00e8ges" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-cbr8-cops-Vc2ZsJSx du 22 septembre 2021", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cbr8-cops-Vc2ZsJSx" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-aaa-Yx47ZT8Q du 22 septembre 2021", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aaa-Yx47ZT8Q" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iosxesdwan-rbuffover-vE2OB6tp du 22 septembre 2021", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxesdwan-rbuffover-vE2OB6tp" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ewlc-gre-6u4ELzAT du 22 septembre 2021", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-gre-6u4ELzAT" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-fxo-pattern-bypass-jUXgygYv du 22 septembre 2021", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxo-pattern-bypass-jUXgygYv" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-quewedge-69BsHUBW du 22 septembre 2021", "url": 
"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-quewedge-69BsHUBW" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ratenat-pYVLA7wM du 22 septembre 2021", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ratenat-pYVLA7wM" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ikev2-ebFrwMPr du 22 septembre 2021", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ikev2-ebFrwMPr" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ewlc-capwap-rce-LYgj8Kf du 22 septembre 2021", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-capwap-rce-LYgj8Kf" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-airo-wpa-pktleak-dos-uSTyGrL du 22 septembre 2021", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-airo-wpa-pktleak-dos-uSTyGrL" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iosxe-ewc-dos-g6JruHRT du 22 septembre 2021", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-ewc-dos-g6JruHRT" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-cbr8snmp-zGjkZ9Fc du 22 septembre 2021", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cbr8snmp-zGjkZ9Fc" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ewlc-capwap-dos-gmNjdKOY du 22 septembre 2021", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-capwap-dos-gmNjdKOY" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-cisco-ap-LLjsGxv du 22 septembre 2021", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-ap-LLjsGxv" }, { 
"published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-trustsec-dos-7fuXDR2 du 22 septembre 2021", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-trustsec-dos-7fuXDR2" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ewlc-ipv6-dos-NMYeCnZv du 22 septembre 2021", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-ipv6-dos-NMYeCnZv" } ] }
CERTFR-2021-AVI-350
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in Cisco products. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service and a security policy bypass.
Solution
Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).
Vendor | Product | Description | ||
---|---|---|---|---|
Cisco | N/A | Cisco SD-WAN vEdge Cloud Routers versions prior to 20.4.1 or 20.5.1 | ||
Cisco | N/A | Cisco WAP125 Wireless-AC Dual Band Desktop Access Point with PoE versions prior to 1.0.4.3 | ||
Cisco | N/A | Cisco WAP150 Wireless-AC/N Dual Radio Access Point with PoE versions prior to 1.1.3.2 | ||
Cisco | N/A | Cisco WAP351 Wireless-N Dual Radio Access Point with 5-Port Switch1 all versions (end-of-life product, will not receive a fix) | ||
Cisco | N/A | Cisco WAP131 Wireless-N Dual Radio Access Point with PoE 1 all versions (end-of-life product, will not receive a fix) | ||
Cisco | N/A | Cisco WAP581 Wireless-AC Dual Radio Wave 2 Access Point with 2.5GbE LAN versions prior to 1.0.4.4 | ||
Cisco | N/A | Cisco AnyConnect Secure Mobility Client for Windows versions prior to 4.10.00093 | ||
Cisco | N/A | Cisco Enterprise NFV Infrastructure Software (NFVIS) versions prior to 4.5.1 | ||
Cisco | N/A | Cisco HyperFlex HX Software versions prior to 4.0(2e) or 4.5(1b) 4.5(2a) | ||
Cisco | Unified Communications Manager | Cisco Unified Communications Manager IM & Presence Service versions prior to 11.5(1)SU9 | ||
Cisco | N/A | Cisco SD-WAN vSmart Controller Software versions prior to 20.4.1 or 20.5.1 | ||
Cisco | N/A | Cisco SD-WAN vEdge Routers versions prior to 20.4.1 or 20.5.1 | ||
Cisco | SD-WAN vManage | Cisco SD-WAN vManage Software versions prior to 20.4.1 or 20.5.1 | ||
Cisco | IOS XE | IOS XE SD-WAN Software all versions | ||
Cisco | Unified Communications Manager | Cisco Unified Communications Manager IM & Presence Service versions 12.x prior to 12.5(1)SU4 | ||
Cisco | N/A | Cisco SD-WAN vBond Orchestrator Software versions prior to 20.4.1 or 20.5.1 | ||
Cisco | N/A | Cisco WAP361 Wireless-AC/N Dual Radio Wall Plate Access Point with PoE versions prior to 1.1.3.2 |
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Cisco SD-WAN vEdge Cloud Routers versions ant\u00e9rieures \u00e0 20.4.1 ou 20.5.1", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco WAP125 Wireless-AC Dual Band Desktop Access Point with PoE versions ant\u00e9rieures \u00e0 1.0.4.3", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco WAP150 Wireless-AC/N Dual Radio Access Point with PoE versions ant\u00e9rieures \u00e0 1.1.3.2", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco WAP351 Wireless-N Dual Radio Access Point with 5-Port Switch1 toutes versions (produit en fin de vie, ne recevra pas de correctif)", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco WAP131 Wireless-N Dual Radio Access Point with PoE 1 toutes versions (produit en fin de vie, ne recevra pas de correctif)", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco WAP581 Wireless-AC Dual Radio Wave 2 Access Point with 2.5GbE LAN versions ant\u00e9rieures \u00e0 1.0.4.4", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco AnyConnect Secure Mobility Client pour Windows versions ant\u00e9rieures \u00e0 4.10.00093", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Enterprise NFV Infrastructure Software (NFVIS) versions ant\u00e9rieures \u00e0 4.5.1", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco HyperFlex HX Software versions ant\u00e9rieures \u00e0 4.0(2e) ou 4.5(1b) 4.5(2a)", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Unified Communications Manager IM \u0026 Presence Service 
versions ant\u00e9rieures \u00e0 11.5(1)SU9", "product": { "name": "Unified Communications Manager", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco SD-WAN vSmart Controller Software versions ant\u00e9rieures \u00e0 20.4.1 ou 20.5.1", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco SD-WAN vEdge Routers versions ant\u00e9rieures \u00e0 20.4.1 ou 20.5.1", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco SD-WAN vManage Software versions ant\u00e9rieures \u00e0 20.4.1 ou 20.5.1", "product": { "name": "SD-WAN vManage", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "IOS XE SD-WAN Software toutes versions", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Unified Communications Manager IM \u0026 Presence Service versions 12.x ant\u00e9rieures \u00e0 12.5(1)SU4", "product": { "name": "Unified Communications Manager", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco SD-WAN vBond Orchestrator Software versions ant\u00e9rieures \u00e0 20.4.1 ou 20.5.1", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco WAP361 Wireless-AC/N Dual Radio Wall Plate Access Point with PoE versions ant\u00e9rieures \u00e0 1.1.3.2", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. 
section Documentation).\n", "cves": [ { "name": "CVE-2021-1430", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1430" }, { "name": "CVE-2021-1428", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1428" }, { "name": "CVE-2021-1275", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1275" }, { "name": "CVE-2021-1468", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1468" }, { "name": "CVE-2021-1365", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1365" }, { "name": "CVE-2021-1497", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1497" }, { "name": "CVE-2021-1426", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1426" }, { "name": "CVE-2021-1510", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1510" }, { "name": "CVE-2021-1508", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1508" }, { "name": "CVE-2021-1513", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1513" }, { "name": "CVE-2021-1401", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1401" }, { "name": "CVE-2021-1429", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1429" }, { "name": "CVE-2021-1505", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1505" }, { "name": "CVE-2021-1363", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1363" }, { "name": "CVE-2021-1509", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1509" }, { "name": "CVE-2021-1498", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1498" }, { "name": "CVE-2021-1427", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1427" }, { "name": "CVE-2021-1421", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1421" }, { "name": "CVE-2021-1284", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1284" }, { "name": "CVE-2021-1511", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1511" }, { "name": "CVE-2021-1506", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1506" }, { "name": "CVE-2021-1400", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1400" }, { "name": "CVE-2021-1496", "url": 
"https://www.cve.org/CVERecord?id=CVE-2021-1496" } ], "initial_release_date": "2021-05-06T00:00:00", "last_revision_date": "2021-06-15T00:00:00", "links": [], "reference": "CERTFR-2021-AVI-350", "revisions": [ { "description": "Version initiale", "revision_date": "2021-05-06T00:00:00.000000" }, { "description": "Correction de la version 4.5 non vuln\u00e9rable d\u0027HyperFlex HX.", "revision_date": "2021-06-15T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" }, { "description": "\u00c9l\u00e9vation de privil\u00e8ges" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-anyconnect-code-exec-jR3tWTA6 du 05 mai 2021", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-code-exec-jR3tWTA6" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-sdw-auth-bypass-65aYqcS2 du 05 mai 2021", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdw-auth-bypass-65aYqcS2" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-sb-wap-multi-ZAfKGXhF du 05 mai 2021", "url": 
"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-multi-ZAfKGXhF" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-sd-wan-vmanage-4TbynnhZ du 05 mai 2021", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-vmanage-4TbynnhZ" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-sdwan-dos-Ckn5cVqW du 05 mai 2021", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-dos-Ckn5cVqW" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-imp-inj-ereCOKjR du 05 mai 2021", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-inj-ereCOKjR" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-sdwan-buffover-MWGucjtO du 05 mai 2021", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-buffover-MWGucjtO" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-hyperflex-rce-TjjNrkpR du 05 mai 2021", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hyperflex-rce-TjjNrkpR" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-nfvis-cmdinj-DkFjqg2j du 05 mai 2021", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nfvis-cmdinj-DkFjqg2j" } ] }
CERTFR-2021-AVI-219
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in Cisco products. Some of them allow an attacker to cause a security issue not specified by the vendor, remote arbitrary code execution and a remote denial of service.
Solution
Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).
Vendor | Product | Description | ||
---|---|---|---|---|
Cisco | N/A | Cisco Catalyst IE3400 Heavy Duty Series Switches | ||
Cisco | N/A | Cisco Catalyst IE3400 Rugged Series Switches | ||
Cisco | IOS XE | Cisco IOS XE SD-WAN Software | ||
Cisco | N/A | Cisco Catalyst 9100 APs | ||
Cisco | N/A | Cisco Aironet 2800 Series APs | ||
Cisco | N/A | Cisco Aironet 1540 Series APs | ||
Cisco | IOS XE | Cisco IOS XE Software | ||
Cisco | N/A | Cisco Catalyst 9300L | ||
Cisco | N/A | Cisco Aironet 1800 Series APs | ||
Cisco | N/A | Cisco Aironet 4800 APs | ||
Cisco | Jabber | Cisco Jabber for MacOS | ||
Cisco | N/A | Cisco Catalyst 3850 | ||
Cisco | N/A | Cisco Catalyst C9500-48Y4C Switch | ||
Cisco | N/A | Cisco Catalyst 9800 Embedded Wireless Controller for Catalyst 9300, 9400, and 9500 Series Switches | ||
Cisco | Jabber | Cisco Jabber for mobile platforms | ||
Cisco | N/A | Cisco Catalyst IW 6300 APs | ||
Cisco | N/A | Cisco Catalyst 9800 Series Wireless Controllers | ||
Cisco | N/A | Cisco Catalyst 9400 Series Switches | ||
Cisco | N/A | Cisco Catalyst 9600 Series Switches | ||
Cisco | N/A | Cisco Catalyst 9300 | ||
Cisco | Jabber | Cisco Jabber for Windows | ||
Cisco | N/A | Cisco Catalyst C9500-24Y4C Switch | ||
Cisco | N/A | Cisco Catalyst IE3300 Rugged Series Switches | ||
Cisco | N/A | Cisco Aironet 3800 Series APs | ||
Cisco | N/A | Cisco Catalyst C9500-32QC Switch | ||
Cisco | N/A | Cisco Catalyst IE3200 Rugged Series Switches | ||
Cisco | N/A | Cisco Catalyst C9500-32C Switch | ||
Cisco | N/A | Cisco Aironet 1560 Series APs |
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Cisco Catalyst IE3400 Heavy Duty Series Switches", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Catalyst IE3400 Rugged Series Switches", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco IOS XE SD-WAN Software", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Catalyst 9100 APs", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Aironet 2800 Series APs", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Aironet 1540 Series APs", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco IOS XE Software", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Catalyst 9300L", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Aironet 1800 Series APs", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Aironet 4800 APs", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Jabber for MacOS", "product": { "name": "Jabber", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Catalyst 3850", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Catalyst C9500-48Y4C Switch", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Catalyst 9800 Embedded Wireless Controller for Catalyst 9300, 9400, and 9500 Series Switches", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Jabber for mobile 
platforms", "product": { "name": "Jabber", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Catalyst IW 6300 APs", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Catalyst 9800 Series Wireless Controllers", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Catalyst 9400 Series Switches", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Catalyst 9600 Series Switches", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Catalyst 9300", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Jabber for Windows", "product": { "name": "Jabber", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Catalyst C9500-24Y4C Switch", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Catalyst IE3300 Rugged Series Switches", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Aironet 3800 Series APs", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Catalyst C9500-32QC Switch", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Catalyst IE3200 Rugged Series Switches", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Catalyst C9500-32C Switch", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Aironet 1560 Series APs", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention 
des\ncorrectifs (cf. section Documentation).\n", "cves": [ { "name": "CVE-2021-1441", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1441" }, { "name": "CVE-2021-1411", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1411" }, { "name": "CVE-2021-1376", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1376" }, { "name": "CVE-2021-1373", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1373" }, { "name": "CVE-2021-1453", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1453" }, { "name": "CVE-2021-1375", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1375" }, { "name": "CVE-2021-1446", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1446" }, { "name": "CVE-2021-1437", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1437" }, { "name": "CVE-2021-1417", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1417" }, { "name": "CVE-2021-1392", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1392" }, { "name": "CVE-2021-1398", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1398" }, { "name": "CVE-2021-1471", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1471" }, { "name": "CVE-2021-1452", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1452" }, { "name": "CVE-2021-1449", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1449" }, { "name": "CVE-2021-1439", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1439" }, { "name": "CVE-2021-1418", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1418" }, { "name": "CVE-2021-1469", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1469" }, { "name": "CVE-2021-1403", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1403" }, { "name": "CVE-2021-1451", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1451" }, { "name": "CVE-2021-1432", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1432" }, { "name": "CVE-2021-1433", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1433" }, { "name": "CVE-2021-1442", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1442" }, { "name": "CVE-2021-1431", "url": 
"https://www.cve.org/CVERecord?id=CVE-2021-1431" }, { "name": "CVE-2021-1352", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1352" } ], "initial_release_date": "2021-03-25T00:00:00", "last_revision_date": "2021-03-25T00:00:00", "links": [ { "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-cisco-jabber-PWrTATTC du 24 mars 2021", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-jabber-PWrTATTC" } ], "reference": "CERTFR-2021-AVI-219", "revisions": [ { "description": "Version initiale", "revision_date": "2021-03-25T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" }, { "description": "\u00c9l\u00e9vation de privil\u00e8ges" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-aironet-mdns-dos-E6KwYuMx du 24 mars 2021", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aironet-mdns-dos-E6KwYuMx" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iosxe-romvar-cmd-inj-N56fYbrw du 24 mars 2021", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-romvar-cmd-inj-N56fYbrw" }, { "published_at": 
null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iosxe-buffover-CqdRWLc du 24 mars 2021", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-buffover-CqdRWLc" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-fast-Zqr6DD5 du 24 mars 2021", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fast-Zqr6DD5" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ios-xe-cat-verify-BQ5hrXgH du 24 mars 2021", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-cat-verify-BQ5hrXgH" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ios-xe-iot-codexec-k46EFF6q du 24 mars 2021", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-iot-codexec-k46EFF6q" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iosxe-sdwdos-4zeEeC9w du 24 mars 2021", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-sdwdos-4zeEeC9w" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-aironet-info-disc-BfWqghj du 24 mars 2021", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aironet-info-disc-BfWqghj" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iosxe-cswsh-FKk9AzT5 du 24 mars 2021", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-cswsh-FKk9AzT5" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-alg-dos-hbBS7SZE du 24 mars 2021", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-alg-dos-hbBS7SZE" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iosxe-decnet-dos-cuPWDkyL du 24 mars 2021", "url": 
"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-decnet-dos-cuPWDkyL" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ios-xe-evss-code-exe-8cw5VSvw du 24 mars 2021", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-evss-code-exe-8cw5VSvw" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iosxe-sdwarbcmdexec-sspOMUr3 du 24 mars 2021", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-sdwarbcmdexec-sspOMUr3" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-XE-ACE-75K3bRWe du 24 mars 2021", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-XE-ACE-75K3bRWe" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ewlc-capwap-dos-2OA3JgKS du 24 mars 2021", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-capwap-dos-2OA3JgKS" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ios-xe-pnp-priv-esc-AmG3kuVL du 24 mars 2021", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-pnp-priv-esc-AmG3kuVL" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-XE-SAP-OPLbze68 du 24 mars 2021", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-XE-SAP-OPLbze68" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ap-privesc-wEVfp8Ud du 24 mars 2021", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-privesc-wEVfp8Ud" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-cisco-jabber-PWrTATTChttps: du 24 mars 2021", "url": null } ] }
CERTFR-2021-AVI-052
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in Cisco products. Some of them allow an attacker to cause remote arbitrary code execution, a security policy bypass and a data integrity breach.
Solution
Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).
Vendor | Product | Description | ||
---|---|---|---|---|
Cisco | IOS XE | IOS XE SD-WAN Software versions earlier than 16.12.4 | ||
Cisco | N/A | Cisco DNA Center Software versions earlier than 2.1.2.0 | ||
Cisco | Smart Software Manager | Cisco Smart Software Manager Satellite versions 5.1.0 and earlier | ||
Cisco | IOS XE | IOS XE Software versions 17.4.x earlier than 17.3.1 | ||
Cisco | N/A | SD-WAN Software versions earlier than 20.3.2 | ||
Cisco | N/A | Cisco AMP for Endpoints for Windows versions earlier than 7.3.3 | ||
Cisco | IOS XE | IOS XE Software versions 17.2.x earlier than 17.2.2 | ||
Cisco | N/A | Immunet for Windows versions earlier than 7.3.12 | ||
Cisco | N/A | SD-WAN Software versions 20.4.x earlier than 20.4.1 | ||
Cisco | IOS XE | IOS XE Software versions 17.4.x earlier than 17.4.1 |
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "IOS XE SD-WAN Software versions ant\u00e9rieures \u00e0 16.12.4", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco DNA Center Software versions ant\u00e9rieures \u00e0 2.1.2.0", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Smart Software Manager Satellite versions 5.1.0 et ant\u00e9rieures", "product": { "name": "Smart Software Manager", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "IOS XE Software versions 17.4.x ant\u00e9rieures \u00e0 17.3.1", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "SD-WAN Software versions ant\u00e9rieures \u00e0 20.3.2", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco AMP for Endpoints pour Windows versions ant\u00e9rieures \u00e0 7.3.3", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "IOS XE Software versions 17.2.x ant\u00e9rieures \u00e0 17.2.2", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Immunet pour Windows versions ant\u00e9rieures \u00e0 7.3.12", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "SD-WAN Software versions 20.4.x ant\u00e9rieures \u00e0 20.4.1", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "IOS XE Software versions 17.4.x ant\u00e9rieures \u00e0 17.4.1", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. 
section Documentation).\n", "cves": [ { "name": "CVE-2021-1305", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1305" }, { "name": "CVE-2021-1241", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1241" }, { "name": "CVE-2021-1260", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1260" }, { "name": "CVE-2021-1277", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1277" }, { "name": "CVE-2021-1274", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1274" }, { "name": "CVE-2021-1247", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1247" }, { "name": "CVE-2021-1302", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1302" }, { "name": "CVE-2021-1262", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1262" }, { "name": "CVE-2021-1139", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1139" }, { "name": "CVE-2021-1219", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1219" }, { "name": "CVE-2021-1142", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1142" }, { "name": "CVE-2021-1248", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1248" }, { "name": "CVE-2021-1276", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1276" }, { "name": "CVE-2021-1140", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1140" }, { "name": "CVE-2021-1280", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1280" }, { "name": "CVE-2021-1299", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1299" }, { "name": "CVE-2021-1300", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1300" }, { "name": "CVE-2021-1138", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1138" }, { "name": "CVE-2021-1278", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1278" }, { "name": "CVE-2021-1304", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1304" }, { "name": "CVE-2021-1141", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1141" }, { "name": "CVE-2021-1263", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1263" }, { "name": "CVE-2021-1261", "url": 
"https://www.cve.org/CVERecord?id=CVE-2021-1261" }, { "name": "CVE-2021-1279", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1279" }, { "name": "CVE-2021-1301", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1301" }, { "name": "CVE-2021-1273", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1273" }, { "name": "CVE-2021-1298", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1298" } ], "initial_release_date": "2021-01-21T00:00:00", "last_revision_date": "2021-01-21T00:00:00", "links": [], "reference": "CERTFR-2021-AVI-052", "revisions": [ { "description": "Version initiale", "revision_date": "2021-01-21T00:00:00.000000" } ], "risks": [ { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-dcnm-sql-inj-OAQOObP du 20 janvier 2021", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-sql-inj-OAQOObP" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-sdwan-abyp-TnGFHrS du 20 janvier 2021", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-abyp-TnGFHrS" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-dcnm-cert-check-BdZZV9T3 du 20 
janvier 2021", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-cert-check-BdZZV9T3" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-cssm-sc-Jd42D4Tq du 20 janvier 2021", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-sc-Jd42D4Tq" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-sdwan-bufovulns-B5NrSHbj du 20 janvier 2021", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-bufovulns-B5NrSHbj" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-sdwan-dosmulti-48jJuEUP du 20 janvier 2021", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-dosmulti-48jJuEUP" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-amp-imm-dll-5PAZ3hRV du 20 janvier 2021", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-amp-imm-dll-5PAZ3hRV" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-cssm-multici-pgG5WM5A du 20 janvier 2021", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-multici-pgG5WM5A" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-sdwan-cmdinjm-9QMSmgcn du 20 janvier 2021", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-cmdinjm-9QMSmgcn" } ] }
CERTFR-2020-AVI-600
Vulnerability from certfr_avis
A vulnerability has been discovered in the Polaris kernel of Cisco Catalyst 9200 switches. It allows an attacker to cause a remote denial of service.
Solution
Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "switches Catalyst s\u00e9rie 9200 utilisant IOS XE versions ant\u00e9rieures \u00e0 16.12.3", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "switches Catalyst s\u00e9rie 9200 utilisant IOS XE versions ant\u00e9rieures \u00e0 16.9.5", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n", "cves": [ { "name": "CVE-2020-3527", "url": "https://www.cve.org/CVERecord?id=CVE-2020-3527" } ], "initial_release_date": "2020-09-25T00:00:00", "last_revision_date": "2020-09-25T00:00:00", "links": [], "reference": "CERTFR-2020-AVI-600", "revisions": [ { "description": "Version initiale", "revision_date": "2020-09-25T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" } ], "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans le noyau Polaris des switches\nCisco Catalyst 9200. Elle permet \u00e0 un attaquant de provoquer un d\u00e9ni de\nservice \u00e0 distance.\n", "title": "Vuln\u00e9rabilit\u00e9 dans Cisco le noyau Polaris des switches Cisco Catalyst 9200", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-JP-DOS-g5FfGm8y du 24 septembre 2020", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-JP-DOS-g5FfGm8y" } ] }
CERTFR-2020-AVI-472
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in Cisco products. They allow an attacker to cause remote arbitrary code execution, a security policy bypass and a data integrity breach.
Solution
Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).
Vendor | Product | Description | ||
---|---|---|---|---|
Cisco | IOS XE | Cisco IOS XE SD-WAN versions 17.2.x earlier than 17.2.1r | ||
Cisco | SD-WAN vManage | Cisco SD-WAN vManage versions 19.x earlier than 19.2.2 | ||
Cisco | SD-WAN vManage | Cisco SD-WAN vManage versions earlier than 18.4.5 | ||
Cisco | SD-WAN vManage | Cisco SD-WAN vManage versions 19.3.x and 20.x earlier than 20.1.1 | ||
Cisco | N/A | Cisco DCNM versions 11.x earlier than 11.4(1) | ||
Cisco | IOS XE | Cisco IOS XE SD-WAN versions earlier than 16.12.3 | ||
Cisco | N/A | Cisco SD-WAN vEdge, vBond and vSmart versions 19.3.x and 20.x earlier than 20.1.1 | ||
Cisco | N/A | Cisco SD-WAN vEdge, vBond and vSmart versions 19.x earlier than 19.2.2 | ||
Cisco | N/A | Cisco SD-WAN vEdge, vBond and vSmart versions earlier than 18.4.5 |
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Cisco IOS XE SD-WAN versions 17.2.x ant\u00e9rieures \u00e0 17.2.1r", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco SD-WAN vManage versions 19.x ant\u00e9rieures \u00e0 19.2.2", "product": { "name": "SD-WAN vManage", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco SD-WAN vManage versions ant\u00e9rieures \u00e0 18.4.5", "product": { "name": "SD-WAN vManage", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco SD-WAN vManage versions 19.3.x et 20.x ant\u00e9rieures \u00e0 20.1.1", "product": { "name": "SD-WAN vManage", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco DCNM versions 11.x ant\u00e9rieures \u00e0 11.4(1)", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco IOS XE SD-WAN versions ant\u00e9rieures \u00e0 16.12.3", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco SD-WAN vEdge, vBond et vSmart versions 19.3.x et 20.x ant\u00e9rieures \u00e0 20.1.1", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco SD-WAN vEdge, vBond et vSmart versions 19.x ant\u00e9rieures \u00e0 19.2.2", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco SD-WAN vEdge, vBond et vSmart versions ant\u00e9rieures \u00e0 18.4.5", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. 
section Documentation).\n", "cves": [ { "name": "CVE-2020-3382", "url": "https://www.cve.org/CVERecord?id=CVE-2020-3382" }, { "name": "CVE-2020-3376", "url": "https://www.cve.org/CVERecord?id=CVE-2020-3376" }, { "name": "CVE-2020-3374", "url": "https://www.cve.org/CVERecord?id=CVE-2020-3374" }, { "name": "CVE-2020-3375", "url": "https://www.cve.org/CVERecord?id=CVE-2020-3375" }, { "name": "CVE-2020-3384", "url": "https://www.cve.org/CVERecord?id=CVE-2020-3384" }, { "name": "CVE-2020-3383", "url": "https://www.cve.org/CVERecord?id=CVE-2020-3383" }, { "name": "CVE-2020-3386", "url": "https://www.cve.org/CVERecord?id=CVE-2020-3386" }, { "name": "CVE-2020-3377", "url": "https://www.cve.org/CVERecord?id=CVE-2020-3377" } ], "initial_release_date": "2020-07-30T00:00:00", "last_revision_date": "2020-07-30T00:00:00", "links": [], "reference": "CERTFR-2020-AVI-472", "revisions": [ { "description": "Version initiale", "revision_date": "2020-07-30T00:00:00.000000" } ], "risks": [ { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9 et\nune atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-devmgr-cmd-inj-Umc8RHNh du 29 juillet 2020", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-devmgr-cmd-inj-Umc8RHNh" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-dcnm-path-trav-2xZOnJdR du 
29 juillet 2020", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-path-trav-2xZOnJdR" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-dcnm-improper-auth-7Krd9TDT du 29 juillet 2020", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-improper-auth-7Krd9TDT" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-uabvman-SYGzt8Bv du 29 juillet 2020", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uabvman-SYGzt8Bv" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-dcnm-rest-inj-BCt8pwAJ du 29 juillet 2020", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-rest-inj-BCt8pwAJ" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-sdbufof-h5f5VSeL du 29 juillet 2020", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdbufof-h5f5VSeL" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-dcnm-bypass-dyEejUMs du 29 juillet 2020", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-bypass-dyEejUMs" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-dcnm-auth-bypass-JkubGpu3 du 29 juillet 2020", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-auth-bypass-JkubGpu3" } ] }
CERTFR-2020-AVI-340
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in Cisco products. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service and a security policy bypass.
Solution
Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).
Vendor | Product | Description | ||
---|---|---|---|---|
Cisco | N/A | Cisco IOx without the latest security patch (see the manufacturer's site for the list of vulnerable products) | ||
Cisco | IOS | Cisco IOS for Cisco CGR1000 series routers without the latest security patch | ||
Cisco | NX-OS | Cisco NX-OS without the latest security patch (see the manufacturer's site for the list of vulnerable products) | ||
Cisco | IOS XE | Cisco IOS and IOS XE without the latest security patch (see the manufacturer's site for the list of vulnerable products) | ||
Cisco | IOS | Cisco IOS for Cisco 809 and 829 routers (Industrial ISRs) without the latest security patch | ||
Cisco | IOS XR | Cisco IOS XR versions 5.2 and 5.3 |
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Cisco IOx sans le dernier correctif de s\u00e9curit\u00e9 (voir le site du constructeur pour la liste des produits vuln\u00e9rables)", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco IOS pour routeurs Cisco s\u00e9ries CGR1000 sans le dernier correctif de s\u00e9curit\u00e9", "product": { "name": "IOS", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco NX-OS sans le dernier correctif de s\u00e9curit\u00e9 (voir le site du constructeur pour la liste des produits vuln\u00e9rables)", "product": { "name": "NX-OS", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco IOS et IOS XE sans le dernier correctif de s\u00e9curit\u00e9 (voir le site du constructeur pour la liste des produits vuln\u00e9rables)", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco IOS pour routeurs Cisco 809 et 829 (Industrial ISRs) sans le dernier correctif de s\u00e9curit\u00e9", "product": { "name": "IOS", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco IOS XR versions 5.2 et 5.3", "product": { "name": "IOS XR", "vendor": { "name": "Cisco", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. 
section Documentation).\n", "cves": [ { "name": "CVE-2020-3211", "url": "https://www.cve.org/CVERecord?id=CVE-2020-3211" }, { "name": "CVE-2020-3257", "url": "https://www.cve.org/CVERecord?id=CVE-2020-3257" }, { "name": "CVE-2020-3212", "url": "https://www.cve.org/CVERecord?id=CVE-2020-3212" }, { "name": "CVE-2020-3205", "url": "https://www.cve.org/CVERecord?id=CVE-2020-3205" }, { "name": "CVE-2020-3218", "url": "https://www.cve.org/CVERecord?id=CVE-2020-3218" }, { "name": "CVE-2020-3200", "url": "https://www.cve.org/CVERecord?id=CVE-2020-3200" }, { "name": "CVE-2020-3234", "url": "https://www.cve.org/CVERecord?id=CVE-2020-3234" }, { "name": "CVE-2020-3229", "url": "https://www.cve.org/CVERecord?id=CVE-2020-3229" }, { "name": "CVE-2020-3217", "url": "https://www.cve.org/CVERecord?id=CVE-2020-3217" }, { "name": "CVE-2020-3208", "url": "https://www.cve.org/CVERecord?id=CVE-2020-3208" }, { "name": "CVE-2020-3235", "url": "https://www.cve.org/CVERecord?id=CVE-2020-3235" }, { "name": "CVE-2020-3219", "url": "https://www.cve.org/CVERecord?id=CVE-2020-3219" }, { "name": "CVE-2020-3230", "url": "https://www.cve.org/CVERecord?id=CVE-2020-3230" }, { "name": "CVE-2020-3209", "url": "https://www.cve.org/CVERecord?id=CVE-2020-3209" }, { "name": "CVE-2020-3258", "url": "https://www.cve.org/CVERecord?id=CVE-2020-3258" }, { "name": "CVE-2020-3199", "url": "https://www.cve.org/CVERecord?id=CVE-2020-3199" }, { "name": "CVE-2020-3227", "url": "https://www.cve.org/CVERecord?id=CVE-2020-3227" }, { "name": "CVE-2020-3203", "url": "https://www.cve.org/CVERecord?id=CVE-2020-3203" }, { "name": "CVE-2020-3210", "url": "https://www.cve.org/CVERecord?id=CVE-2020-3210" }, { "name": "CVE-2020-3198", "url": "https://www.cve.org/CVERecord?id=CVE-2020-3198" }, { "name": "CVE-2020-3225", "url": "https://www.cve.org/CVERecord?id=CVE-2020-3225" }, { "name": "CVE-2020-3224", "url": "https://www.cve.org/CVERecord?id=CVE-2020-3224" }, { "name": "CVE-2020-3238", "url": 
"https://www.cve.org/CVERecord?id=CVE-2020-3238" }, { "name": "CVE-2020-3221", "url": "https://www.cve.org/CVERecord?id=CVE-2020-3221" } ], "initial_release_date": "2020-06-04T00:00:00", "last_revision_date": "2020-06-05T00:00:00", "links": [], "reference": "CERTFR-2020-AVI-340", "revisions": [ { "description": "Version initiale", "revision_date": "2020-06-04T00:00:00.000000" }, { "description": "Correction de la date de certains avis.", "revision_date": "2020-06-05T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" }, { "description": "\u00c9l\u00e9vation de privil\u00e8ges" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ios-iot-vds-cmd-inj-VfJtqGhE du 03 juin 2020", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-vds-cmd-inj-VfJtqGhE" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iosxe-digsig-bypass-FYQ3bmVq du 03 juin 2020", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-digsig-bypass-FYQ3bmVq" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ios-iot-udp-vds-inj-f2D5Jzrt du 03 juin 2020", "url": 
"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-udp-vds-inj-f2D5Jzrt" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ios-iot-vds-cred-uPMp9zbY du 03 juin 2020", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-vds-cred-uPMp9zbY" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iosxe-fnfv9-dos-HND6Fc9u du 03 juin 2020", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-fnfv9-dos-HND6Fc9u" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-sip-Cv28sQw2 du 03 juin 2020", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sip-Cv28sQw2" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-webui-cmdinj-zM283Zdw du 03 juin 2020", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-cmdinj-zM283Zdw" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ioxPE-KgGvCAf9 du 03 juin 2020", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ioxPE-KgGvCAf9" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-web-cmdinj2-fOnjk2LD du 03 juin 2020", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-web-cmdinj2-fOnjk2LD" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-caf-3dXM8exv du 03 juin 2020", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-caf-3dXM8exv" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-snmp-dos-USxSyTk5 du 03 juin 2020", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-dos-USxSyTk5" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 
Cisco cisco-sa-ngwc-cmdinj-KEwWVWR du 03 juin 2020", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ngwc-cmdinj-KEwWVWR" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iosxe-webui-rce-uk8BXcUD du 03 juin 2020", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-rce-uk8BXcUD" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-cipdos-hkfTZXEx du 03 juin 2020", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cipdos-hkfTZXEx" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-web-cmdinj4-S2TmH7GA du 03 juin 2020", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-web-cmdinj4-S2TmH7GA" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ios-nxos-onepk-rce-6Hhyt4dC du 03 juin 2020", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-nxos-onepk-rce-6Hhyt4dC" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-webui-PZgQxjfG du 03 juin 2020", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-PZgQxjfG" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iosxe-ewlc-dos-TkuPVmZN du 03 juin 2020", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-ewlc-dos-TkuPVmZN" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-web-cmdinj3-44st5CcA du 03 juin 2020", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-web-cmdinj3-44st5CcA" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ios-iot-gos-vuln-s9qS8kYL du 03 juin 2020", "url": 
"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-gos-vuln-s9qS8kYL" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ssh-dos-Un22sd2A du 03 juin 2020", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssh-dos-Un22sd2A" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ikev2-9p23Jj2a du 03 juin 2020", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ikev2-9p23Jj2a" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ios-iot-rce-xYRSeMNH du 03 juin 2020", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-rce-xYRSeMNH" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ios-ir800-img-verif-wHhLYHjK du 03 juin 2020", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-ir800-img-verif-wHhLYHjK" } ] }
CERTFR-2020-AVI-254
Vulnerability from certfr_avis
A vulnerability has been discovered in Cisco IOS XE SD-WAN. It allows an attacker to cause arbitrary code execution.
Solution
The new unified release model for IOS XE and the SD-WAN software changes the update procedures: refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
Vendor | Product | Description | ||
---|---|---|---|---|
Cisco | IOS XE | ISR 4000 Series with Cisco IOS XE SD-WAN versions earlier than 17.2.1r | ||
Cisco | IOS XE | 1000 Series "Integrated Services Routers (ISR)" with Cisco IOS XE SD-WAN versions earlier than 17.2.1r | ||
Cisco | IOS XE | 1000V Series "Cloud Services Router" routers with Cisco IOS XE SD-WAN versions earlier than 17.2.1r | ||
Cisco | IOS XE | 1000 Series "Aggregation Services" routers with Cisco IOS XE SD-WAN versions earlier than 17.2.1r |
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "ISR s\u00e9rie 4000 avec Cisco IOS XE SD-WAN versions ant\u00e9rieures \u00e0 17.2.1r", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Routeurs S\u00e9rie 1000 \"Integrated Services Routers (ISR)\" avec Cisco IOS XE SD-WAN versions ant\u00e9rieures \u00e0 17.2.1r", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Routeurs S\u00e9rie 1000V \"Cloud Services Router\" avec Cisco IOS XE SD-WAN versions ant\u00e9rieures \u00e0 17.2.1r", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Routeurs S\u00e9rie 1000 \"Aggregation Services\" avec Cisco IOS XE SD-WAN versions ant\u00e9rieures \u00e0 17.2.1r", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nLe nouveau mode de publication unifi\u00e9 de IOS XE et du logiciel SD-WAN\nmodifie les proc\u00e9dures de mise \u00e0 jour : se r\u00e9f\u00e9rer au bulletin de\ns\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section\nDocumentation).\n", "cves": [ { "name": "CVE-2019-16011", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16011" } ], "initial_release_date": "2020-04-30T00:00:00", "last_revision_date": "2020-04-30T00:00:00", "links": [], "reference": "CERTFR-2020-AVI-254", "revisions": [ { "description": "Version initiale", "revision_date": "2020-04-30T00:00:00.000000" } ], "risks": [ { "description": "Ex\u00e9cution de code arbitraire" } ], "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Cisco IOS XE SD-WAN. 
Elle permet\n\u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire.\n", "title": "Vuln\u00e9rabilit\u00e9 dans Cisco IOS XE SD-WAN", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-xesdwcinj-AcQ5MxCn du 29 avril 2020", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xesdwcinj-AcQ5MxCn" } ] }
CERTFR-2020-AVI-055
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in Cisco products. They allow an attacker to cause a remote denial of service, a security policy bypass and a privilege escalation.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
Vendor | Product | Description | ||
---|---|---|---|---|
Cisco | N/A | Cisco Firepower Management Center (FMC) versions 6.4.x earlier than 6.4.0.7 | ||
Cisco | N/A | Cisco TC versions 7.x (CSCvs67675) earlier than 7.3.20 | ||
Cisco | N/A | Cisco Firepower Management Center (FMC) versions 6.3.x earlier than 6.3.0.6 (patch available in May 2020) | ||
Cisco | IOS XE | Cisco IOS XE SD-WAN versions earlier than 16.12.1 | ||
Cisco | N/A | Cisco CE versions 9.x (CSCvs45241, CSCvs67680) earlier than 9.8.3 | ||
Cisco | Smart Software Manager | Cisco Smart Software Manager On-Prem versions earlier than 7-201910 | ||
Cisco | N/A | Cisco Firepower Management Center (FMC) versions earlier than 6.2.3.16 (patch available in February 2020) | ||
Cisco | IOS XR | Cisco IOS XR (refer to the vendor's bulletin for the list of available patches, see the Documentation section) | ||
Cisco | N/A | Cisco CE versions 9.10.x (CSCvs45241, CSCvs67680) earlier than 9.10.0 | ||
Cisco | N/A | Cisco CE versions 9.9.x (CSCvs45241, CSCvs67680) earlier than 9.9.2 | ||
Cisco | N/A | Cisco CE versions 8.x (CSCvs45241, CSCvs67680) earlier than 8.3.8 | ||
Cisco | N/A | Cisco SD-WAN Solution vManage versions earlier than 18.4.302 | ||
Cisco | N/A | Cisco Firepower Management Center (FMC) versions 6.5.x earlier than 6.5.0.2 |
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Cisco Firepower Management Center (FMC) versions 6.4.x ant\u00e9rieures \u00e0 6.4.0.7", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco TC versions 7.x (CSCvs67675) ant\u00e9rieures \u00e0 7.3.20", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Firepower Management Center (FMC) versions 6.3.x ant\u00e9rieures \u00e0 6.3.0.6 (correctif disponible en mai 2020)", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco IOS XE SD-WAN versions ant\u00e9rieures \u00e0 16.12.1", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco CE versions 9.x (CSCvs45241, CSCvs67680) ant\u00e9rieures \u00e0 9.8.3", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Smart Software Manager On-Prem versions ant\u00e9rieures \u00e0 7-201910", "product": { "name": "Smart Software Manager", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Firepower Management Center (FMC) versions ant\u00e9rieures \u00e0 6.2.3.16 (correctif disponible en f\u00e9vrier 2020)", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco IOS XR (se r\u00e9f\u00e9rer au bulletin de l\u0027\u00e9diteur pour la liste des correctifs disponibles, cf. 
section Documentation)", "product": { "name": "IOS XR", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco CE versions 9.10.x (CSCvs45241, CSCvs67680) ant\u00e9rieures \u00e0 9.10.0", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco CE versions 9.9.x (CSCvs45241, CSCvs67680) ant\u00e9rieures \u00e0 9.9.2", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco CE versions 8.x (CSCvs45241, CSCvs67680) ant\u00e9rieures \u00e0 8.3.8", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco SD-WAN Solution vManage versions ant\u00e9rieures \u00e0 18.4.302", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Firepower Management Center (FMC) versions 6.5.x ant\u00e9rieures \u00e0 6.5.0.2", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. 
section Documentation).\n", "cves": [ { "name": "CVE-2019-16027", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16027" }, { "name": "CVE-2019-16028", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16028" }, { "name": "CVE-2019-16019", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16019" }, { "name": "CVE-2019-16029", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16029" }, { "name": "CVE-2019-1950", "url": "https://www.cve.org/CVERecord?id=CVE-2019-1950" }, { "name": "CVE-2020-3115", "url": "https://www.cve.org/CVERecord?id=CVE-2020-3115" }, { "name": "CVE-2019-16022", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16022" }, { "name": "CVE-2019-16018", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16018" }, { "name": "CVE-2019-16020", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16020" }, { "name": "CVE-2019-16021", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16021" }, { "name": "CVE-2020-3143", "url": "https://www.cve.org/CVERecord?id=CVE-2020-3143" }, { "name": "CVE-2019-16023", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16023" } ], "initial_release_date": "2020-01-23T00:00:00", "last_revision_date": "2020-01-23T00:00:00", "links": [], "reference": "CERTFR-2020-AVI-055", "revisions": [ { "description": "Version initiale", "revision_date": "2020-01-23T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" }, { "description": "\u00c9l\u00e9vation de privil\u00e8ges" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance, un contournement de la politique de s\u00e9curit\u00e9 et une \u00e9l\u00e9vation\nde privil\u00e8ges.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de 
s\u00e9curit\u00e9 Cisco cisco-sa-telepresence-path-tr-wdrnYEZZ du 22 janvier 2020", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-telepresence-path-tr-wdrnYEZZ" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20200122-fmc-auth du 22 janvier 2020", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-fmc-auth" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20200122-ios-xr-evpn du 22 janvier 2020", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-evpn" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-sd-wan-cred-EVGSF259 du 22 janvier 2020", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-cred-EVGSF259" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20200122-ios-xr-routes du 22 janvier 2020", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-routes" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20200122-sdwan-priv-esc du 22 janvier 2020", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-sdwan-priv-esc" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20200122-on-prem-dos du 22 janvier 2020", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-on-prem-dos" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20200122-ios-xr-dos du 22 janvier 2020", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-dos" } ] }
CERTFR-2020-AVI-014
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in Cisco products. They allow an attacker to cause remote arbitrary code execution and cross-site request forgery (CSRF).
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Cisco IOS et IOS XE versions ant\u00e9rieures \u00e0 16.1.1 avec le serveur HTTP activ\u00e9", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Webex Video Mesh versions ant\u00e9rieures \u00e0 2019.09.19.1956m", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n", "cves": [ { "name": "CVE-2019-16005", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16005" }, { "name": "CVE-2019-16009", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16009" } ], "initial_release_date": "2020-01-09T00:00:00", "last_revision_date": "2020-01-09T00:00:00", "links": [], "reference": "CERTFR-2020-AVI-014", "revisions": [ { "description": "Version initiale", "revision_date": "2020-01-09T00:00:00.000000" } ], "risks": [ { "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)" }, { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance et une injection de requ\u00eates ill\u00e9gitimes par\nrebond (CSRF).\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20200108-ios-csrf du 08 janvier 2020", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-ios-csrf" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20200108-webex-video du 08 janvier 2020", "url": 
"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-webex-video" } ] }
CERTFR-2019-AVI-468
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in Cisco products. They allow an attacker to cause remote arbitrary code execution, a remote denial of service and a security policy bypass.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
Vendor | Product | Description | ||
---|---|---|---|---|
Cisco | IOS | Cisco IOS Gateways with Session Initiation Protocol (SIP) | ||
Cisco | N/A | Cisco Business Edition 4000 (BE4K) | ||
Cisco | N/A | Cisco Catalyst 4500 Supervisor Engine 6L-E | ||
Cisco | N/A | Cisco Cloud Services Router (CSR) 1000V Series | ||
Cisco | N/A | Cisco Enterprise Network Compute System (ENCS) | ||
Cisco | N/A | Cisco TDM Gateways | ||
Cisco | N/A | Cisco Catalyst 4948E-F Ethernet Switch | ||
Cisco | N/A | Cisco Catalyst 4500 Supervisor Engine 6-E | ||
Cisco | N/A | Cisco Unified Survivable Remote Site Telephony (SRST) | ||
Cisco | N/A | Cisco Catalyst 4948E Ethernet Switch | ||
Cisco | IOS XE | Cisco ASR 900 Series routers with Cisco IOS XE version 16.9 configured as a Raw Socket TCP server | ||
Cisco | IOS | Cisco Industrial Ethernet 4000 Series Switches: Cisco IOS Software versions earlier than 15.2(7)E | ||
Cisco | N/A | Cisco 800 Series Industrial Integrated Services Routers and Cisco 1000 Series Connected Grid Routers (CGR 1000) | ||
Cisco | N/A | Cisco Unified Border Element (CUBE) | ||
Cisco | IOS XE | Cisco IOS and IOS XE (see the vendor's site for the vulnerable versions) | ||
Cisco | N/A | Cisco Catalyst 4900M Switch | ||
Cisco | N/A | Cisco IC3000 Industrial Compute Gateway: Industrial Compute Gateway Software versions earlier than 1.1.1 | ||
Cisco | N/A | Cisco CGR 1000 Compute Module: CGR 1000 IOx Compute Platform Firmware | ||
Cisco | N/A | Cisco Integrated Services Virtual Router (ISRv) | ||
Cisco | N/A | Cisco Catalyst 3850 and 9300 Series Switches | ||
Cisco | N/A | Cisco 1100, 4200 and 4300 Integrated Services Routers (ISRs) | ||
Cisco | Unified Communications Manager | Cisco Unified Communications Manager Express (CME) | ||
Cisco | N/A | Cisco 510 WPAN Industrial Router: Industrial Routers Operating System Software versions earlier than 6.1.27 |
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Cisco IOS Gateways with Session Initiation Protocol (SIP)", "product": { "name": "IOS", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Business Edition 4000 (BE4K)", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Catalyst 4500 Supervisor Engine 6L-E", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Cloud Services Router (CSR) 1000V Series", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Enterprise Network Compute System (ENCS)", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco TDM Gateways", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Catalyst 4948E-F Ethernet Switch", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Catalyst 4500 Supervisor Engine 6-E", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Unified Survivable Remote Site Telephony (SRST)", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Catalyst 4948E Ethernet Switch", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco ASR 900 Series routers avec Cisco IOS XE version 16.9 configur\u00e9 en tant que serveur Raw Socket TCP", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Industrial Ethernet 4000 Series Switches: Cisco IOS Software versions ant\u00e9rieures \u00e0 15.2(7)E", "product": { "name": "IOS", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco 800 Series Industrial Integrated Services Routers et Cisco 1000 
Series Connected Grid Routers (CGR 1000)", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Unified Border Element (CUBE)", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco IOS et IOS XE (voir sur le site du constructeur pour les versions vuln\u00e9rables)", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Catalyst 4900M Switch", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco IC3000 Industrial Compute Gateway: Industrial Compute Gateway Software versions ant\u00e9rieures \u00e0 1.1.1", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco CGR 1000 Compute Module: CGR 1000 IOx Compute Platform Firmware", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Integrated Services Virtual Router (ISRv)", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Catalyst 3850 et 9300 Series Switches", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco 1100, 4200 et 4300 Integrated Services Routers (ISRs)", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Unified Communications Manager Express (CME)", "product": { "name": "Unified Communications Manager", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco 510 WPAN Industrial Router: Industrial Routers Operating System Software versions ant\u00e9rieures \u00e0 6.1.27", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. 
section Documentation).\n", "cves": [ { "name": "CVE-2019-12656", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12656" }, { "name": "CVE-2019-12650", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12650" }, { "name": "CVE-2019-12648", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12648" }, { "name": "CVE-2019-12657", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12657" }, { "name": "CVE-2019-12649", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12649" }, { "name": "CVE-2019-12651", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12651" }, { "name": "CVE-2019-12655", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12655" }, { "name": "CVE-2019-12653", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12653" }, { "name": "CVE-2019-12646", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12646" }, { "name": "CVE-2019-12652", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12652" }, { "name": "CVE-2019-12647", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12647" }, { "name": "CVE-2019-12658", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12658" }, { "name": "CVE-2019-12654", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12654" } ], "initial_release_date": "2019-09-26T00:00:00", "last_revision_date": "2019-09-26T00:00:00", "links": [], "reference": "CERTFR-2019-AVI-468", "revisions": [ { "description": "Version initiale", "revision_date": "2019-09-26T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement\nde la politique de s\u00e9curit\u00e9.\n", "title": "Multiples 
vuln\u00e9rabilit\u00e9s dans les produits Cisco", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190925-identd-dos du 25 septembre 2019", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-identd-dos" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190925-webui-cmd-injection du 25 septembre 2019", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-webui-cmd-injection" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190925-iox du 25 septembre 2019", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-iox" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190925-rawtcp-dos du 25 septembre 2019", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-rawtcp-dos" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190925-ios-gos-auth du 25 septembre 2019", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-ios-gos-auth" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190925-cat4000-tcp-dos du 25 septembre 2019", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-cat4000-tcp-dos" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190925-iosxe-fsdos du 25 septembre 2019", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-iosxe-fsdos" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190925-ftp du 25 septembre 2019", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-ftp" }, { "published_at": null, "title": "Bulletin de 
s\u00e9curit\u00e9 Cisco cisco-sa-20190925-utd du 25 septembre 2019", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-utd" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190925-iosxe-digsig-bypass du 25 septembre 2019", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-iosxe-digsig-bypass" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190925-sip-dos du 25 septembre 2019", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-sip-dos" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190925-sip-alg du 25 septembre 2019", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-sip-alg" } ] }
CERTFR-2019-AVI-270
Vulnerability from certfr_avis
A vulnerability has been discovered in Cisco IOS XE. It allows an attacker to cause cross-site request forgery (CSRF).
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Cisco IOS XE, la v\u00e9rification des versions vuln\u00e9rables s\u0027effectue directement sur le site du constructeur (cf. section Documentation).", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n", "cves": [ { "name": "CVE-2019-1904", "url": "https://www.cve.org/CVERecord?id=CVE-2019-1904" } ], "initial_release_date": "2019-06-14T00:00:00", "last_revision_date": "2019-06-14T00:00:00", "links": [], "reference": "CERTFR-2019-AVI-270", "revisions": [ { "description": "Version initiale", "revision_date": "2019-06-14T00:00:00.000000" } ], "risks": [ { "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)" } ], "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Cisco IOS XE. Elle permet \u00e0 un\nattaquant de provoquer une injection de requ\u00eates ill\u00e9gitimes par rebond\n(CSRF).\n", "title": "Vuln\u00e9rabilit\u00e9 dans Cisco IOS XE", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190612-iosxe-csrf du 12 juin 2019", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190612-iosxe-csrf" } ] }
CERTFR-2019-AVI-205
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in Cisco products. They allow an attacker to cause remote arbitrary code execution.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
Vendor | Product | Description | ||
---|---|---|---|---|
Cisco | N/A | Refer to the vendor's security bulletin to check which security, routing and switching devices have firmware affected by the CVE-2019-1649 vulnerability. It allows an authenticated attacker with local access to modify this firmware (see the Documentation section). | ||
Cisco | IOS XE | Cisco IOS XE with the HTTP server enabled. Refer to the vendor's security bulletin to check the vulnerable versions (see the Documentation section). |
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour v\u00e9rifier les \u00e9quipements de s\u00e9curit\u00e9, de routage et de commutation dont le microgiciel est affect\u00e9 par la vuln\u00e9rabilit\u00e9 CVE-2019-1649. Celle-ci permet \u00e0 un attaquant authentifi\u00e9, ayant un acc\u00e8s local, de modifier ce microgiciel (cf. section Documentation).", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco IOS XE avec le serveur HTTP activ\u00e9. Se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour v\u00e9rifier les versions vuln\u00e9rables (cf. section Documentation).", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. 
section Documentation).\n", "cves": [ { "name": "CVE-2019-1649", "url": "https://www.cve.org/CVERecord?id=CVE-2019-1649" }, { "name": "CVE-2019-1862", "url": "https://www.cve.org/CVERecord?id=CVE-2019-1862" } ], "initial_release_date": "2019-05-14T00:00:00", "last_revision_date": "2019-05-14T00:00:00", "links": [], "reference": "CERTFR-2019-AVI-205", "revisions": [ { "description": "Version initiale", "revision_date": "2019-05-14T00:00:00.000000" } ], "risks": [ { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190513-secureboot du 13 mai 2019", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190513-secureboot" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190513-webui du 13 mai 2019", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190513-webui" } ] }
CERTFR-2019-AVI-133
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in Cisco products. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service and a breach of data confidentiality.
Solution
Refer to the vendor's security advisory to obtain the fixes (see the Documentation section).
Vendor | Product | Description | ||
---|---|---|---|---|
Cisco | IOS XE | Cisco IOS XE | ||
Cisco | N/A | Cisco ASR 900 RSP3 | ||
Cisco | IOS | Cisco IOS | ||
Cisco | N/A | Cisco Catalyst 4500/4500X | ||
Cisco | IOS XE | Cisco routers with a Sierra Wireless WWAN cellular interface module and running Cisco IOS Release 15.8(3)M or Cisco IOS XE Release 16.10.1 software |
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Cisco IOS XE", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco ASR 900 RSP3", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco IOS", "product": { "name": "IOS", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Catalyst 4500/4500X", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Routeurs Cisco avec un module Sierra Wireless WWAN cellular interface et ex\u00e9cutant une version logicielle Cisco IOS Release 15.8(3)M ou Cisco IOS XE Release 16.10.1", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n", "cves": [ { "name": "CVE-2019-1752", "url": "https://www.cve.org/CVERecord?id=CVE-2019-1752" }, { "name": "CVE-2019-1743", "url": "https://www.cve.org/CVERecord?id=CVE-2019-1743" }, { "name": "CVE-2019-1749", "url": "https://www.cve.org/CVERecord?id=CVE-2019-1749" }, { "name": "CVE-2019-1739", "url": "https://www.cve.org/CVERecord?id=CVE-2019-1739" }, { "name": "CVE-2019-1753", "url": "https://www.cve.org/CVERecord?id=CVE-2019-1753" }, { "name": "CVE-2019-1751", "url": "https://www.cve.org/CVERecord?id=CVE-2019-1751" }, { "name": "CVE-2019-1748", "url": "https://www.cve.org/CVERecord?id=CVE-2019-1748" }, { "name": "CVE-2019-1755", "url": "https://www.cve.org/CVERecord?id=CVE-2019-1755" }, { "name": "CVE-2019-1747", "url": "https://www.cve.org/CVERecord?id=CVE-2019-1747" }, { "name": "CVE-2019-1742", "url": "https://www.cve.org/CVERecord?id=CVE-2019-1742" }, { "name": "CVE-2019-1741", "url": "https://www.cve.org/CVERecord?id=CVE-2019-1741" }, { "name": 
"CVE-2019-1738", "url": "https://www.cve.org/CVERecord?id=CVE-2019-1738" }, { "name": "CVE-2019-1746", "url": "https://www.cve.org/CVERecord?id=CVE-2019-1746" }, { "name": "CVE-2019-1756", "url": "https://www.cve.org/CVERecord?id=CVE-2019-1756" }, { "name": "CVE-2019-1737", "url": "https://www.cve.org/CVERecord?id=CVE-2019-1737" }, { "name": "CVE-2019-1754", "url": "https://www.cve.org/CVERecord?id=CVE-2019-1754" }, { "name": "CVE-2019-1745", "url": "https://www.cve.org/CVERecord?id=CVE-2019-1745" }, { "name": "CVE-2019-1740", "url": "https://www.cve.org/CVERecord?id=CVE-2019-1740" }, { "name": "CVE-2019-1750", "url": "https://www.cve.org/CVERecord?id=CVE-2019-1750" } ], "initial_release_date": "2019-03-28T00:00:00", "last_revision_date": "2019-03-28T00:00:00", "links": [], "reference": "CERTFR-2019-AVI-133", "revisions": [ { "description": "Version initiale", "revision_date": "2019-03-28T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Ex\u00e9cution de code arbitraire" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" }, { "description": "\u00c9l\u00e9vation de privil\u00e8ges" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190327-afu du 27 mars 2017", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-afu" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco 
cisco-sa-20190327-nat64 du 27 mars 2017", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-nat64" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190327-ipsla-dos du 27 mars 2017", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-ipsla-dos" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190327-cmp-dos du 27 mars 2017", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-cmp-dos" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190327-sms-dos du 27 mars 2017", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-sms-dos" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190327-isdn du 27 mars 2017", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-isdn" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190327-xecmd du 27 mars 2017", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-xecmd" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190327-iosxe-cmdinject du 27 mars 2017", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-iosxe-cmdinject" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190327-evss du 27 mars 2017", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-evss" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190327-iosxe-cmdinj du 27 mars 2017", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-iosxe-cmdinj" }, { "published_at": null, "title": "Bulletin de 
s\u00e9curit\u00e9 Cisco cisco-sa-20190327-nbar du 27 mars 2017", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-nbar" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190327-pnp-cert du 27 mars 2017", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-pnp-cert" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190327-rsp3-ospf du 27 mars 2017", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-rsp3-ospf" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190327-eta-dos du 27 mars 2017", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-eta-dos" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190327-iosxe-pe du 27 mars 2017", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-iosxe-pe" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190327-xeid du 27 mars 2017", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-xeid" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190327-iosxe-privesc du 27 mars 2017", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-iosxe-privesc" } ] }
CERTFR-2018-AVI-458
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in Cisco products. They allow an attacker to cause arbitrary code execution and a remote denial of service.
Solution
Refer to the vendor's security advisory to obtain the fixes (see the Documentation section).
Vendor | Product | Description | ||
---|---|---|---|---|
Cisco | IOS XE | Vulnerable Cisco IOS XE software configured with the NAT feature | ||
Cisco | IOS | Industrial Ethernet 2000 Series switch running a vulnerable version of Cisco IOS and configured to process PTP packets | ||
Cisco | IOS | Industrial Ethernet 4000 Series switch running a vulnerable version of Cisco IOS and configured to process PTP packets | ||
Cisco | IOS XE | Cisco Catalyst 3650 and 3850 switches running a vulnerable Cisco IOS XE software version with the HTTP server enabled | ||
Cisco | IOS | Industrial Ethernet 5000 Series switch running a vulnerable version of Cisco IOS and configured to process PTP packets | ||
Cisco | IOS | Industrial Ethernet 3010 Series switch running a vulnerable version of Cisco IOS and configured to process PTP packets | ||
Cisco | IOS XE | Cisco Catalyst 3650, 3850 and 4500E switch running a vulnerable version of Cisco IOS XE software with the errdisable feature enabled | ||
Cisco | IOS XE | Cisco ISR G2 or Cisco ISR4451-X routers with an SM-X-1T3/E3 module installed and running a vulnerable version of Cisco IOS or IOS XE software | ||
Cisco | IOS | Industrial Ethernet 4010 Series switch running a vulnerable version of Cisco IOS and configured to process PTP packets | ||
Cisco | IOS | Connected Grid Ethernet Module Interface Card switch running a vulnerable version of Cisco IOS and configured to process PTP packets | ||
Cisco | IOS XE | Vulnerable Cisco IOS XE software with the HTTP server enabled | ||
Cisco | IOS XE | Cisco Catalyst switch running a vulnerable software version of Cisco IOS or Cisco IOS XE with the cluster feature enabled | ||
Cisco | N/A | Cisco IOS XE software and certain Cisco 5500-X Series Adaptive Security Appliances (ASA) devices running Cisco ASA or Cisco Firepower Threat Defense (FTD) software | ||
Cisco | IOS XE | Vulnerable Cisco IOS and IOS XE software configured with an IPv6 address | ||
Cisco | IOS | Industrial Ethernet 2000U Series switch running a vulnerable version of Cisco IOS and configured to process PTP packets | ||
Cisco | IOS XE | Vulnerable Cisco IOS and IOS XE software configured with the OSPFv3 feature | ||
Cisco | IOS | Industrial Ethernet 3000 Series switch running a vulnerable version of Cisco IOS and configured to process PTP packets | ||
Cisco | IOS | 2500 Series Connected Grid switch running a vulnerable version of Cisco IOS and configured to process PTP packets | ||
Cisco | IOS XE | Cisco IOS XE software version 16.6.1 or 16.6.2 with the CDP feature enabled |
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Logiciel Cisco IOS XE vuln\u00e9rable configur\u00e9 avec la fonctionnalit\u00e9 NAT", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Commutateur Industrial Ethernet 2000 Series ex\u00e9cutant une version vuln\u00e9rable de Cisco IOS et configur\u00e9 pour g\u00e9rer les paquets PTP", "product": { "name": "IOS", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Commutateur Industrial Ethernet 4000 Series ex\u00e9cutant une version vuln\u00e9rable de Cisco IOS et configur\u00e9 pour g\u00e9rer les paquets PTP", "product": { "name": "IOS", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Commutateurs Cisco Catalyst 3650 et 3850 ex\u00e9cutant une version logiciel Cisco IOS XE vuln\u00e9rable avec le serveur HTTP activ\u00e9", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Commutateur Industrial Ethernet 5000 Series ex\u00e9cutant une version vuln\u00e9rable de Cisco IOS et configur\u00e9 pour g\u00e9rer les paquets PTP", "product": { "name": "IOS", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Commutateur Industrial Ethernet 3010 Series ex\u00e9cutant une version vuln\u00e9rable de Cisco IOS et configur\u00e9 pour g\u00e9rer les paquets PTP", "product": { "name": "IOS", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Commutateur Cisco Catalyst 3650, 3850 et 4500E ex\u00e9cutant une version vuln\u00e9rable du logiciel Cisco IOS XE avec la fonctionnalit\u00e9 errdisable activ\u00e9", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Routeurs Cisco ISR G2 ou Cisco ISR4451-X avec un module SM-X-1T3/E3 install\u00e9 et ex\u00e9cutant une version vuln\u00e9rable des logiciels Cisco IOS ou IOS XE", "product": { "name": "IOS XE", "vendor": { 
"name": "Cisco", "scada": false } } }, { "description": "Commutateur Industrial Ethernet 4010 Series ex\u00e9cutant une version vuln\u00e9rable de Cisco IOS et configur\u00e9 pour g\u00e9rer les paquets PTP", "product": { "name": "IOS", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Commutateur Connected Grid Ethernet Module Interface Card ex\u00e9cutant une version vuln\u00e9rable de Cisco IOS et configur\u00e9 pour g\u00e9rer les paquets PTP", "product": { "name": "IOS", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Logiciel Cisco IOS XE vuln\u00e9rable avec le serveur HTTP activ\u00e9", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Commutateur Cisco Catalyst ex\u00e9cutant une version logiciel vuln\u00e9rable de Cisco IOS ou Cisco IOS XE avec la fonctionnalit\u00e9 cluster activ\u00e9", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Logiciels Cisco IOS XE et certains \u00e9quipements de la s\u00e9rie Cisco 5500-X Adaptive Security Appliances (ASA) ex\u00e9cutant le logiciel Cisco ASA ou Cisco Firepower Threat Defense (FTD)", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Logiciels Cisco IOS et IOS XE vuln\u00e9rables configur\u00e9s avec une adresse IPv6", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Commutateur Industrial Ethernet 2000U Series ex\u00e9cutant une version vuln\u00e9rable de Cisco IOS et configur\u00e9 pour g\u00e9rer les paquets PTP", "product": { "name": "IOS", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Logiciels Cisco IOS et IOS XE vuln\u00e9rables configur\u00e9s avec la fonctionnalit\u00e9 OSPFv3", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Commutateur Industrial Ethernet 3000 Series ex\u00e9cutant une 
version vuln\u00e9rable de Cisco IOS et configur\u00e9 pour g\u00e9rer les paquets PTP", "product": { "name": "IOS", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Commutateur 2500 Series Connected Grid ex\u00e9cutant une version vuln\u00e9rable de Cisco IOS et configur\u00e9 pour g\u00e9rer les paquets PTP", "product": { "name": "IOS", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Logiciels Cisco IOS XE en version 16.6.1 ou 16.6.2 avec la fonctionnalit\u00e9 CDP activ\u00e9", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n", "cves": [ { "name": "CVE-2018-0472", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0472" }, { "name": "CVE-2018-0481", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0481" }, { "name": "CVE-2018-0473", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0473" }, { "name": "CVE-2018-0475", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0475" }, { "name": "CVE-2018-0476", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0476" }, { "name": "CVE-2018-0467", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0467" }, { "name": "CVE-2018-0469", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0469" }, { "name": "CVE-2018-0480", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0480" }, { "name": "CVE-2018-0470", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0470" }, { "name": "CVE-2018-0466", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0466" }, { "name": "CVE-2018-0485", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0485" }, { "name": "CVE-2018-0477", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0477" }, { "name": "CVE-2018-0471", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0471" } ], "initial_release_date": "2018-09-27T00:00:00", 
"last_revision_date": "2018-09-27T00:00:00", "links": [], "reference": "CERTFR-2018-AVI-458", "revisions": [ { "description": "Version initiale", "revision_date": "2018-09-27T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Ex\u00e9cution de code arbitraire" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire et un d\u00e9ni de service \u00e0 distance.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180926-sip-alg du 26 septembre 2018", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-sip-alg" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180926-iosxe-cmdinj du 26 septembre 2018", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-iosxe-cmdinj" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180926-cmp du 26 septembre 2018", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-cmp" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180926-sm1t3e3 du 26 septembre 2018", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-sm1t3e3" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180926-ospfv3-dos du 26 septembre 2018", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-ospfv3-dos" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180926-ipv6hbh du 26 septembre 2018", "url": 
"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-ipv6hbh" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180926-cdp-memleak du 26 septembre 2018", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-cdp-memleak" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180926-ptp du 26 septembre 2018", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-ptp" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180926-webdos du 26 septembre 2018", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-webdos" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180926-ipsec du 26 septembre 2018", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-ipsec" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180926-webuidos du 26 septembre 2018", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-webuidos" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180926-errdisable du 26 septembre 2018", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-errdisable" } ] }
CERTFR-2018-AVI-270
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in Cisco products. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service and a security policy bypass.
Solution
Refer to the vendor's security advisory to obtain the fixes (see the Documentation section).
Vendor | Product | Description | ||
---|---|---|---|---|
Cisco | N/A | Prime Collaboration Assurance | ||
Cisco | N/A | MediaSense | ||
Cisco | N/A | Prime Collaboration Provisioning | ||
Cisco | IOS XE | Cisco IOS XE versions Fuji 16.7.1 or Fuji 16.8.1 configured to use AAA authentication | ||
Cisco | N/A | Cisco Meeting Server (CMS) 2000 running a CMS software version earlier than 2.2.13 or 2.3.4. | ||
Cisco | N/A | Unified Intelligence Center (UIC) | ||
Cisco | N/A | Emergency Responder | ||
Cisco | N/A | Hosted Collaboration Mediation Fulfillment | ||
Cisco | N/A | Prime License Manager | ||
Cisco | Unified Communications Manager | Unified Communications Manager (UCM) | ||
Cisco | N/A | Virtualized Voice Browser | ||
Cisco | Unified Communications Manager | Unified Communications Manager IM and Presence Service (IM&P) | ||
Cisco | N/A | Cisco Network Services Orchestrator (NSO) versions 4.1 to 4.1.6.0, 4.2 to 4.2.4.0, 4.3 to 4.3.3.0 and 4.4 to 4.4.2.0 | ||
Cisco | N/A | SocialMiner | ||
Cisco | N/A | Cisco AsyncOS with WSA software version 10.5.1, 10.5.2 or 11.0.0 | ||
Cisco | N/A | Cisco Prime Collaboration Provisioning (PCP) versions 12.2 and earlier | ||
Cisco | IP Phone | Cisco IP Phone 6800, 7800 and 8800 series with Multiplatform firmware earlier than version 11.1(2) | ||
Cisco | N/A | Unified Contact Center Express (UCCx) | ||
Cisco | N/A | Finesse | ||
Cisco | Unity Connection | Unity Connection | ||
Cisco | N/A | Unified Communication Manager Session Management Edition (SME) |
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Prime Collaboration Assurance", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "MediaSense", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Prime Collaboration Provisioning", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco IOS XE versions Fuji 16.7.1 ou Fuji 16.8.1 configur\u00e9es pour utiliser l\u0027authentification AAA", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Meeting Server (CMS) 2000 ex\u00e9cutant une version logicielle CMS ant\u00e9rieures \u00e0 2.2.13 ou 2.3.4.", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Unified Intelligence Center (UIC)", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Emergency Responder", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Hosted Collaboration Mediation Fulfillment", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Prime License Manager", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Unified Communications Manager (UCM)", "product": { "name": "Unified Communications Manager", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Virtualized Voice Browser", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Unified Communications Manager IM and Presence Service (IM\u0026P)", "product": { "name": "Unified Communications Manager", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Network Services Orchestrator (NSO) versions 4.1 \u00e0 4.1.6.0, 4.2 \u00e0 4.2.4.0, 4.3 \u00e0 4.3.3.0 et 
4.4 \u00e0 4.4.2.0", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "SocialMiner", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco AsyncOS avec une version 10.5.1, 10.5.2 ou 11.0.0 du logiciel WSA", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco Prime Collaboration Provisioning (PCP) versions 12.2 et ant\u00e9rieures", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco IP Phone series 6800, 7800 et 8800 avec un micorgiciel Multiplatform version ant\u00e9rieure \u00e0 11.1(2)", "product": { "name": "IP Phone", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Unified Contact Center Express (UCCx)", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Finesse", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Unity Connection", "product": { "name": "Unity Connection", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Unified Communication Manager Session Management Edition (SME)", "product": { "name": "N/A", "vendor": { "name": "Cisco", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. 
section Documentation).\n", "cves": [ { "name": "CVE-2018-0320", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0320" }, { "name": "CVE-2018-0317", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0317" }, { "name": "CVE-2018-0274", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0274" }, { "name": "CVE-2018-0321", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0321" }, { "name": "CVE-2018-0319", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0319" }, { "name": "CVE-2017-6779", "url": "https://www.cve.org/CVERecord?id=CVE-2017-6779" }, { "name": "CVE-2018-0296", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0296" }, { "name": "CVE-2018-0318", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0318" }, { "name": "CVE-2018-0263", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0263" }, { "name": "CVE-2018-0316", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0316" }, { "name": "CVE-2018-0315", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0315" }, { "name": "CVE-2018-0322", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0322" }, { "name": "CVE-2018-0353", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0353" } ], "initial_release_date": "2018-06-07T00:00:00", "last_revision_date": "2018-06-07T00:00:00", "links": [], "reference": "CERTFR-2018-AVI-270", "revisions": [ { "description": "Version initiale", "revision_date": "2018-06-07T00:00:00.000000" }, { "description": "Version initiale", "revision_date": "2018-06-07T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" }, { "description": "\u00c9l\u00e9vation de privil\u00e8ges" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 
d\u00e9couvertes dans les produits Cisco.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180606-cms-id du 6 juin 2018", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cms-id" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180606-prime-bypass du 6 juin 2018", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-bypass" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180606-prime-password-recovery du 6 juin 2018", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-password-recovery" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180606-multiplatform-sip du 6 juin 2018", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-multiplatform-sip" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180606-diskdos du 6 juin 2018", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180606-asaftd du 6 juin 2018", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-asaftd" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180606-prime-sql du 6 juin 2018", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-sql" }, { 
"published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180606-prime-access du 6 juin 2018", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-access" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180606-aaa du 6 juin 2018", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-aaa" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180606-wsa du 6 juin 2018", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-wsa" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180606-prime-password-reset du 6 juin 2018", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-password-reset" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180606-nso du 6 juin 2018", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-nso" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180606-prime-rmi du 6 juin 2018", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-rmi" } ] }
CERTFR-2023-ALE-011
Vulnerability from certfr_alerte
[Update of 2 November 2023]
Version 17.3.8a is available.
[Update of 31 October 2023]
The technical details of vulnerability CVE-2023-20198 are now publicly available. This vulnerability was already being massively exploited. All devices exposing the IOS XE web management interface must be considered compromised.
[Update of 30 October 2023]
Versions 17.6.6a and 16.12.10a are available.
[Update of 23 October 2023]
On 22 October 2023, Cisco updated its security advisory to add vulnerability CVE-2023-20273. Attackers actively exploit it to elevate their privileges to root after creating a level 15 user. This allows them to place an implant on the device's file system.
Version 17.9.4a fixes these vulnerabilities for the 17.9.x branch. The availability date of the other fixes has not been announced.
[Initial publication]
On 16 October 2023, Cisco published a security advisory concerning vulnerability CVE-2023-20198, which affects the IOS XE web management interface (webui). This vulnerability allows an unauthenticated attacker to create a user with level 15 privileges. This gives access to all commands and the ability to modify the configuration of the vulnerable device, which amounts to taking complete control of it. The CVSSv3 score of this vulnerability is 10 (out of 10).
Cisco has not yet published security fixes for vulnerability CVE-2023-20198. In addition, the vendor indicates that this vulnerability is actively exploited.
The vendor's advisory documents the indicators of compromise that can be used to search for possible exploitation of this vulnerability.
Temporary workaround
Pending the security fixes, Cisco recommends checking the configurations of the various devices and completely disabling the webui interface (over both HTTP and HTTPS) if it is enabled.
CERT-FR reiterates that management interfaces must be accessible only from a secure administration network. Refer to the ANSSI recommendations on the secure administration of information systems (see the Documentation section).
Solution
Refer to the vendor's security advisory to obtain the fixes (see the Documentation section).
Vendor | Product | Description
---|---|---
Cisco | IOS XE | IOS XE versions 17.6.x earlier than 17.6.6a
Cisco | IOS XE | Cisco IOS XE if the web management interface is accessible
Cisco | IOS XE | IOS XE on Catalyst 3650 and 3850 versions 16.12.x earlier than 16.12.10a
Cisco | IOS XE | IOS XE versions 17.3.x earlier than 17.3.8a
Cisco | IOS XE | IOS XE versions 17.9.x earlier than 17.9.4a
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "IOS XE versions 17.6.x ant\u00e9rieures \u00e0 17.6.6a", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Cisco IOS XE si l\u0027interface Web de gestion est accessible", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "IOS XE sur Catalyst 3650 et 3850 versions 16.12.x ant\u00e9rieures \u00e0 16.12.10a", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "IOS XE versions 17.3.x ant\u00e9rieures \u00e0 17.3.8a", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "IOS XE versions 17.9.x ant\u00e9rieures \u00e0 17.9.4a", "product": { "name": "IOS XE", "vendor": { "name": "Cisco", "scada": false } } } ], "affected_systems_content": "", "closed_at": "2024-02-16", "content": "## Contournement provisoire\n\nDans l\u0027attente des correctifs de s\u00e9curit\u00e9, Cisco recommande de v\u00e9rifier\nles configurations des diff\u00e9rents \u00e9quipements et de \u003cu\u003ed\u00e9sactiver\ncompl\u00e9tement l\u0027interface *webui* (en HTTP et HTTPS)\u003c/u\u003e si celle-ci est\nactiv\u00e9e.\n\nLe CERT-FR rappelle que les interfaces de gestion ne doivent \u00eatre\naccessibles que depuis un r\u00e9seau d\u0027administration s\u00e9curis\u00e9. Se r\u00e9f\u00e9rer\naux recommandations de l\u0027ANSSI relatives \u00e0 l\u0027administration s\u00e9curis\u00e9e\ndes syst\u00e8mes d\u0027information (cf. section Documentation)\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. 
section Documentation).", "cves": [ { "name": "CVE-2023-20198", "url": "https://www.cve.org/CVERecord?id=CVE-2023-20198" }, { "name": "CVE-2023-20273", "url": "https://www.cve.org/CVERecord?id=CVE-2023-20273" } ], "initial_release_date": "2023-10-17T00:00:00", "last_revision_date": "2024-02-16T00:00:00", "links": [ { "title": "Avis CERT-FR CERTFR-2023-AVI-0878 du 23 octobre 2023", "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2023-AVI-0878/" }, { "title": "Recommandations de l\u0027ANSSI relatives \u00e0 l\u0027administration s\u00e9curis\u00e9e des syst\u00e8mes d\u0027information", "url": "https://www.ssi.gouv.fr/uploads/2018/04/anssi-guide-admin_securisee_si_v3-0.pdf" } ], "reference": "CERTFR-2023-ALE-011", "revisions": [ { "description": "Version initiale", "revision_date": "2023-10-17T00:00:00.000000" }, { "description": "Les versions 17.6.6a et 16.12.10a sont disponibles.", "revision_date": "2023-10-30T00:00:00.000000" }, { "description": "POC disponible publiquement.", "revision_date": "2023-10-31T00:00:00.000000" }, { "description": "La version 17.3.8a est disponible.", "revision_date": "2023-11-02T00:00:00.000000" }, { "description": "Cl\u00f4ture de l\u0027alerte. Cela ne signifie pas la fin d\u0027une menace. 
Seule l\u0027application de la mise \u00e0 jour permet de vous pr\u00e9munir contre l\u0027exploitation de la vuln\u00e9rabilit\u00e9 correspondante.", "revision_date": "2024-02-16T00:00:00.000000" } ], "risks": [ { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "\u00c9l\u00e9vation de privil\u00e8ges" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" } ], "summary": "\u003cspan style=\"color: #ff0000;\"\u003e\u003cstrong\u003e\\[Mise \u00e0 jour du 02 novembre\n2023\\]\u003c/strong\u003e\u003c/span\u003e\n\nLa version 17.3.8a est disponible.\n\n\u003cstrong\u003e\\[Mise \u00e0 jour du 31 octobre 2023\\]\u003c/strong\u003e\n\nLes d\u00e9tails techniques de la vuln\u00e9rabilit\u00e9 CVE-2023-20198 sont d\u00e9sormais\ndisponibles publiquement. Cette vuln\u00e9rabilit\u00e9 \u00e9tait d\u00e9j\u00e0 massivement\nexploit\u00e9e. Tous les \u00e9quipements exposant l\u0027interface de gestion Web\nd\u0027IOS XE doivent \u00eatre consid\u00e9r\u00e9s comme compromis.\n\n\u003cstrong\u003e\\[Mise \u00e0 jour du 30 octobre 2023\\]\u003c/strong\u003e\n\nLes versions 17.6.6a et 16.12.10a sont disponibles.\n\n\u003cstrong\u003e\\[Mise \u00e0 jour du 23 octobre 2023\\]\u003c/strong\u003e\n\nLe 22 octobre 2023, Cisco a mis \u00e0 jour son avis de s\u00e9curit\u00e9 pour ajouter\nla vuln\u00e9rabilit\u00e9 CVE-2023-20273. Celle-ci est activement exploit\u00e9e par\nles attaquants pour \u00e9lever leurs privil\u00e8ges \u00e0 *root* apr\u00e8s avoir cr\u00e9\u00e9 un\nutilisateur de niveau 15. Cela leur permet de placer un implant sur le\nsyst\u00e8me de fichiers de l\u0027\u00e9quipement.\n\nLa version 17.9.4a corrige ces vuln\u00e9rabilit\u00e9s pour la branche 17.9.x. 
La\ndate de disponibilit\u00e9 des autres correctifs n\u0027a pas \u00e9t\u00e9 annonc\u00e9e.\n\n\u003cstrong\u003e\\[Publication initiale\\]\u003c/strong\u003e\n\nLe 16 octobre 2023, Cisco a publi\u00e9 un avis de s\u00e9curit\u00e9 concernant la\nvuln\u00e9rabilit\u00e9 CVE-2023-20198 affectant l\u0027interface Web de gestion d\u0027IOS\nXE (*webui*). Cette vuln\u00e9rabilit\u00e9 permet \u00e0 un attaquant non authentifi\u00e9\nde cr\u00e9er un [utilisateur disposant des privil\u00e8ges de niveau\n15](https://learningnetwork.cisco.com/s/blogs/a0D3i000002eeWTEAY/cisco-ios-privilege-levels).\nCela donne acc\u00e8s \u00e0 toutes les commandes et la possibilit\u00e9 de modifier la\nconfiguration de l\u0027\u00e9quipement vuln\u00e9rable, ce qui revient \u00e0 en prendre le\ncontr\u00f4le complet. Le score CVSSv3 de cette vuln\u00e9rabilit\u00e9 est de 10 (sur\n10).\n\nCisco \u003cu\u003en\u0027a pas encore publi\u00e9 de correctifs\u003c/u\u003e de s\u00e9curit\u00e9 pour la\nvuln\u00e9rabilit\u00e9 CVE-2023-20198. De plus, l\u0027\u00e9diteur indique que cette\nvuln\u00e9rabilit\u00e9 est \u003cu\u003eactivement exploit\u00e9e\u003c/u\u003e.\n\nL\u0027avis de l\u0027\u00e9diteur documente les indicateurs de compromission\npermettant de rechercher des \u00e9ventuelles exploitations de cette\nvuln\u00e9rabilit\u00e9.\n\n\u00a0\n", "title": "[M\u00e0J] Multiples vuln\u00e9rabilit\u00e9s dans Cisco IOS XE", "vendor_advisories": [ { "published_at": "2023-10-16", "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iosxe-webui-privesc-j22SaA4z", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z" } ] }