Refine your search
16 vulnerabilities found for IP Phone by Cisco
CERTFR-2025-AVI-0884
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Cisco. Elles permettent à un attaquant de provoquer un déni de service à distance et une injection de code indirecte à distance (XSS).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | IP Phone | IP Phone 8821 avec une version logicielle de SIP antérieure à 11.0(6)SR7 | ||
| Cisco | Desk Phone | Desk Phone 9800 Series avec une version logicielle de SIP antérieure à 3.3(1) | ||
| Cisco | IP Phone | IP Phone 8800 Series avec une version logicielle de SIP antérieure à 14.4(1) | ||
| Cisco | Video Phone | Video Phone 8875 avec une version logicielle de SIP antérieure à 3.3(1) | ||
| Cisco | IP Phone | IP Phone 7800 Series avec une version logicielle de SIP antérieure à 14.4(1) |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IP Phone 8821 avec une version logicielle de SIP ant\u00e9rieure \u00e0 11.0(6)SR7",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Desk Phone 9800 Series avec une version logicielle de SIP ant\u00e9rieure \u00e0 3.3(1)",
"product": {
"name": "Desk Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "IP Phone 8800 Series avec une version logicielle de SIP ant\u00e9rieure \u00e0 14.4(1)",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Video Phone 8875 avec une version logicielle de SIP ant\u00e9rieure \u00e0 3.3(1)",
"product": {
"name": "Video Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "IP Phone 7800 Series avec une version logicielle de SIP ant\u00e9rieure \u00e0 14.4(1)",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-20350",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20350"
},
{
"name": "CVE-2025-20351",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20351"
}
],
"initial_release_date": "2025-10-16T00:00:00",
"last_revision_date": "2025-10-16T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0884",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-16T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance et une injection de code indirecte \u00e0 distance (XSS).",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": "2025-10-15",
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-phone-dos-FPyjLV7A",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-dos-FPyjLV7A"
}
]
}
CERTFR-2024-AVI-0357
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Cisco IP Phone. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, un contournement de la politique de sécurité et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IP Phone 6800 Series avec un microgiciel Multiplatform",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "IP Phone 8800 Series avec un microgiciel Multiplatform",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Video Phone 8875 en mode Multiplatform",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "IP Phone 7800 Series avec un microgiciel Multiplatform",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-20357",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20357"
},
{
"name": "CVE-2024-20376",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20376"
},
{
"name": "CVE-2024-20378",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20378"
}
],
"initial_release_date": "2024-05-02T00:00:00",
"last_revision_date": "2024-05-02T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0357",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-05-02T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Cisco IP Phone.\nElles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es, un contournement de la politique de\ns\u00e9curit\u00e9 et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Cisco IP Phone",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ipphone-multi-vulns-cXAhCvS du 01 mai 2024",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS"
}
]
}
CERTFR-2022-AVI-1085
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans le produit Cisco IP Phone. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco IP Phone Firmware versions ant\u00e9rieures \u00e0 14.2(1)",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-20968",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20968"
}
],
"initial_release_date": "2022-12-09T00:00:00",
"last_revision_date": "2023-04-28T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-1085",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-12-09T00:00:00.000000"
},
{
"description": "Mise \u00e0 jour de la version du logiciel",
"revision_date": "2023-04-28T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans le produit Cisco IP Phone. Elle\npermet \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0\ndistance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans le produit Cisco IP Phone",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ipp-oobwrite-8cMF5r7U du 08 d\u00e9cembre 2022",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipp-oobwrite-8cMF5r7U"
}
]
}
CERTFR-2020-AVI-227
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | IP Phone | Cisco IP Phone 8811, 8841, 8845, 8851, 8861 et 8865 versions antérieures à 11.7(1) | ||
| Cisco | N/A | Cisco Aironet Access Points versions antérieures à 8.5.161.0 | ||
| Cisco | N/A | Webex Meetings Online versions antérieures à 1.3.48 | ||
| Cisco | N/A | Cisco UCM et SME versions antérieures à 10.5(2)SU9 | ||
| Cisco | N/A | Cisco WLC versions 8.6.x, 8.7.x et 8.8.x antérieures à 8.8.130.0 | ||
| Cisco | N/A | Cisco Aironet Access Points versions 8.6.x et 8.7.x antérieures à 8.8.130.0 | ||
| Cisco | N/A | Cisco IoT Field Network Director versions antérieures à 4.6 | ||
| Cisco | N/A | Webex Meetings 39.5.x Sites versions antérieures à 39.5.18 | ||
| Cisco | N/A | Unified IP Conference Phone 8831 versions antérieures à 10.3(1)SR6 | ||
| Cisco | N/A | Cisco UCS Director versions antérieures à 6.7.4.0 | ||
| Cisco | N/A | Cisco Aironet Access Points versions 8.9.x antérieures à 8.10.121.0 | ||
| Cisco | N/A | Cisco UCM et SME versions 12.x antérieures à 12.5(1)SU2 | ||
| Cisco | N/A | Cisco Mobility Express versions 8.6.x, 8.7.x et 8.8.x antérieures à 8.8.130.0 | ||
| Cisco | N/A | Cisco UCS Director Express for Big Data versions antérieures à 3.7.4.0 | ||
| Cisco | N/A | Webex Meetings Latest Sites versions antérieures à 40.2 | ||
| Cisco | N/A | Cisco Mobility Express versions antérieures à 8.5.161.0 | ||
| Cisco | N/A | Cisco UCM et SME versions 11.x antérieures à 11.5(1)SU7 | ||
| Cisco | N/A | Cisco Mobility Express versions 8.9.x et 9.10.x antérieures à 8.10.121.0 | ||
| Cisco | N/A | Webex Meetings Server versions antérieures à 4.0MR2SecurityPatch3 | ||
| Cisco | IP Phone | Cisco Wireless IP Phone 8821 et 8821-EX versions antérieures à 11.0(5)SR3 | ||
| Cisco | N/A | Cisco WLC versions 8.9.x et 8.10.x antérieures à 8.10.121.0 | ||
| Cisco | N/A | Cisco WLC versions antérieures à 8.5.161.0 | ||
| Cisco | N/A | Cisco Aironet Access Points Embedded Wireless Controller versions antérieures à 16.11.1b | ||
| Cisco | IP Phone | Cisco IP Phone 7811, 7821, 7841 et 7861 versions antérieures à 11.7(1) |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco IP Phone 8811, 8841, 8845, 8851, 8861 et 8865 versions ant\u00e9rieures \u00e0 11.7(1)",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Aironet Access Points versions ant\u00e9rieures \u00e0 8.5.161.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Webex Meetings Online versions ant\u00e9rieures \u00e0 1.3.48",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco UCM et SME versions ant\u00e9rieures \u00e0 10.5(2)SU9",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco WLC versions 8.6.x, 8.7.x et 8.8.x ant\u00e9rieures \u00e0 8.8.130.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Aironet Access Points versions 8.6.x et 8.7.x ant\u00e9rieures \u00e0 8.8.130.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IoT Field Network Director versions ant\u00e9rieures \u00e0 4.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Webex Meetings 39.5.x Sites versions ant\u00e9rieures \u00e0 39.5.18",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Unified IP Conference Phone 8831 versions ant\u00e9rieures \u00e0 10.3(1)SR6",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco UCS Director versions ant\u00e9rieures \u00e0 6.7.4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Aironet Access Points versions 8.9.x ant\u00e9rieures \u00e0 8.10.121.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco UCM et SME versions 12.x ant\u00e9rieures \u00e0 12.5(1)SU2",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Mobility Express versions 8.6.x, 8.7.x et 8.8.x ant\u00e9rieures \u00e0 8.8.130.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco UCS Director Express for Big Data versions ant\u00e9rieures \u00e0 3.7.4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Webex Meetings Latest Sites versions ant\u00e9rieures \u00e0 40.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Mobility Express versions ant\u00e9rieures \u00e0 8.5.161.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco UCM et SME versions 11.x ant\u00e9rieures \u00e0 11.5(1)SU7",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Mobility Express versions 8.9.x et 9.10.x ant\u00e9rieures \u00e0 8.10.121.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Webex Meetings Server versions ant\u00e9rieures \u00e0 4.0MR2SecurityPatch3",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Wireless IP Phone 8821 et 8821-EX versions ant\u00e9rieures \u00e0 11.0(5)SR3",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco WLC versions 8.9.x et 8.10.x ant\u00e9rieures \u00e0 8.10.121.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco WLC versions ant\u00e9rieures \u00e0 8.5.161.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Aironet Access Points Embedded Wireless Controller versions ant\u00e9rieures \u00e0 16.11.1b",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IP Phone 7811, 7821, 7841 et 7861 versions ant\u00e9rieures \u00e0 11.7(1)",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-3273",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3273"
},
{
"name": "CVE-2020-3251",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3251"
},
{
"name": "CVE-2020-3161",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3161"
},
{
"name": "CVE-2020-3162",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3162"
},
{
"name": "CVE-2020-3247",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3247"
},
{
"name": "CVE-2020-3249",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3249"
},
{
"name": "CVE-2020-3262",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3262"
},
{
"name": "CVE-2020-3240",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3240"
},
{
"name": "CVE-2016-1421",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1421"
},
{
"name": "CVE-2020-3194",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3194"
},
{
"name": "CVE-2020-3261",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3261"
},
{
"name": "CVE-2020-3243",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3243"
},
{
"name": "CVE-2020-3250",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3250"
},
{
"name": "CVE-2020-3239",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3239"
},
{
"name": "CVE-2020-3260",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3260"
},
{
"name": "CVE-2020-3177",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3177"
},
{
"name": "CVE-2020-3252",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3252"
},
{
"name": "CVE-2020-3248",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3248"
}
],
"initial_release_date": "2020-04-16T00:00:00",
"last_revision_date": "2020-04-16T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-227",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-04-16T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-wlc-capwap-dos-Y2sD9uEw du 15 avril 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-capwap-dos-Y2sD9uEw"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ucsd-mult-vulns-UNfpdW4E du 15 avril 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-mult-vulns-UNfpdW4E"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-webex-player-Q7Rtgvby du 15 avril 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-player-Q7Rtgvby"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-mob-exp-csrf-b8tFec24 du 15 avril 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mob-exp-csrf-b8tFec24"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-cucm-taps-path-trav-pfsFO93r du 15 avril 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-taps-path-trav-pfsFO93r"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-airo-wpa-dos-5ZLs6ESz du 15 avril 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-airo-wpa-dos-5ZLs6ESz"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-voip-phones-rce-dos-rB6EeRXs du 15 avril 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voip-phones-rce-dos-rB6EeRXs"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iot-coap-dos-WTBu6YTq du 15 avril 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iot-coap-dos-WTBu6YTq"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160609-ipp du 15 avril 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-ipp"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-wlc-gas-dos-8FsE3AWH du 15 avril 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-gas-dos-8FsE3AWH"
}
]
}
CERTFR-2020-AVI-073
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Cisco. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | N/A | IP Conference Phone 8832 versions antérieures à 12.7(1) | ||
| Cisco | N/A | IP Conference Phone 7832 avec microgiciel multi-plateformes versions antérieures à 11.3(1)SR1 | ||
| Cisco | N/A | Cisco FXOS, IOS XR, et NX-OS (se référer au bulletin de sécurité de l'éditeur cisco-sa-20200205-fxnxos-iosxr-cdp-dos, cf. section Documentation) | ||
| Cisco | N/A | Unified IP Conference Phone 8831 for Third-Party Call Control | ||
| Cisco | IP Phone | IP Phone 8811, 8841, 8851, 8861, 8845 et 8865 Desktop Phones versions antérieures à 12.7(1) | ||
| Cisco | NX-OS | Cisco NX-OS versions antérieures à 7.0(3)I7(8) (disponible en février 2020) | ||
| Cisco | IP Phone | IP Phone 6821, 6841, 6851, 6861 et 6871 avec microgiciel multi-plateformes versions antérieures à 11.3(1)SR1 | ||
| Cisco | IOS XR | Cisco IOS XR versions 7.0.x antérieures à 7.0.2 (disponible en mars 2020) | ||
| Cisco | N/A | IP Conference Phone 7832 versions antérieures à 12.7(1) | ||
| Cisco | IP Phone | Wireless IP Phone 8821 et 8821-EX versions antérieures à 11.0(5)SR2 | ||
| Cisco | IP Phone | IP Phone 8811, 8841, 8851, 8861, 8845 et 8865 Desktop Phones avec microgiciel multi-plateformes versions antérieures à 11.3(1)SR1 | ||
| Cisco | IP Phone | IP Phone 7811, 7821, 7841 et 7861 Desktop Phones avec microgiciel multi-plateformes versions antérieures à 11.3(1)SR1 | ||
| Cisco | IP Phone | IP Phone 7811, 7821, 7841 et 7861 Desktop Phones versions antérieures à 12.7(1) | ||
| Cisco | NX-OS | Cisco NX-OS versions7.0(3)F, 9.2 et 9.3 antérieures à 9.3(2) | ||
| Cisco | IOS XR | Cisco IOS XR versions 5.2.5, 6.4.2, 6.5.3, 6.6.12, 6.6.25 et 7.0.1 sans le dernier correctif de sécurité (se référer au bulletin de sécurité de l'éditeurcisco-sa-20200205-iosxr-cdp-rce, cf. section Documentation) | ||
| Cisco | IOS XR | Cisco IOS XR versions antérieures à 6.6.3 | ||
| Cisco | N/A | Unified IP Conference Phone 8831 versions antérieures à 10.3(1)SR6 (disponible en mars 2020) | ||
| Cisco | N/A | Cisco Video Surveillance 8000 Series IP Cameras versions antérieures à 1.0.7 | ||
| Cisco | N/A | IP Conference Phone 8832 avec microgiciel multi-plateformes versions antérieures à 11.3(1)SR1 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IP Conference Phone 8832 versions ant\u00e9rieures \u00e0 12.7(1)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "IP Conference Phone 7832 avec microgiciel multi-plateformes versions ant\u00e9rieures \u00e0 11.3(1)SR1",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco FXOS, IOS XR, et NX-OS (se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur cisco-sa-20200205-fxnxos-iosxr-cdp-dos, cf. section Documentation)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Unified IP Conference Phone 8831 for Third-Party Call Control",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "IP Phone 8811, 8841, 8851, 8861, 8845 et 8865 Desktop Phones versions ant\u00e9rieures \u00e0 12.7(1)",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NX-OS versions ant\u00e9rieures \u00e0 7.0(3)I7(8) (disponible en f\u00e9vrier 2020)",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "IP Phone 6821, 6841, 6851, 6861 et 6871 avec microgiciel multi-plateformes versions ant\u00e9rieures \u00e0 11.3(1)SR1",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IOS XR versions 7.0.x ant\u00e9rieures \u00e0 7.0.2 (disponible en mars 2020)",
"product": {
"name": "IOS XR",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "IP Conference Phone 7832 versions ant\u00e9rieures \u00e0 12.7(1)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Wireless IP Phone 8821 et 8821-EX versions ant\u00e9rieures \u00e0 11.0(5)SR2",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "IP Phone 8811, 8841, 8851, 8861, 8845 et 8865 Desktop Phones avec microgiciel multi-plateformes versions ant\u00e9rieures \u00e0 11.3(1)SR1",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "IP Phone 7811, 7821, 7841 et 7861 Desktop Phones avec microgiciel multi-plateformes versions ant\u00e9rieures \u00e0 11.3(1)SR1",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "IP Phone 7811, 7821, 7841 et 7861 Desktop Phones versions ant\u00e9rieures \u00e0 12.7(1)",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NX-OS versions7.0(3)F, 9.2 et 9.3 ant\u00e9rieures \u00e0 9.3(2)",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IOS XR versions 5.2.5, 6.4.2, 6.5.3, 6.6.12, 6.6.25 et 7.0.1 sans le dernier correctif de s\u00e9curit\u00e9 (se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteurcisco-sa-20200205-iosxr-cdp-rce, cf. section Documentation)",
"product": {
"name": "IOS XR",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IOS XR versions ant\u00e9rieures \u00e0 6.6.3",
"product": {
"name": "IOS XR",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Unified IP Conference Phone 8831 versions ant\u00e9rieures \u00e0 10.3(1)SR6 (disponible en mars 2020)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Video Surveillance 8000 Series IP Cameras versions ant\u00e9rieures \u00e0 1.0.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "IP Conference Phone 8832 avec microgiciel multi-plateformes versions ant\u00e9rieures \u00e0 11.3(1)SR1",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-3111",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3111"
},
{
"name": "CVE-2020-3119",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3119"
},
{
"name": "CVE-2020-3110",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3110"
},
{
"name": "CVE-2020-3118",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3118"
},
{
"name": "CVE-2020-3120",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3120"
}
],
"initial_release_date": "2020-02-06T00:00:00",
"last_revision_date": "2020-02-06T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-073",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-02-06T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20200205-nxos-cdp-rce du 05 f\u00e9vrier 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-nxos-cdp-rce"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20200205-voip-phones-rce-dos du 05 f\u00e9vrier 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-voip-phones-rce-dos"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20200205-iosxr-cdp-rce du 05 f\u00e9vrier 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-iosxr-cdp-rce"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20200205-ipcameras-rce-dos du 05 f\u00e9vrier 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-ipcameras-rce-dos"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20200205-fxnxos-iosxr-cdp-dos du 05 f\u00e9vrier 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-fxnxos-iosxr-cdp-dos"
}
]
}
CERTFR-2019-AVI-193
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | IP Phone | Cisco Wireless IP Phone 8821 et 8821-EX versions antérieures à 11.0(5) | ||
| Cisco | N/A | Cisco 250 Series Smart Switches, 350 Series et 350x Series Managed Switches et 550X Series Stackable Managed Switches versions antérieures à 2.5.0.78 | ||
| Cisco | N/A | Cisco AsyncOS versions 11.7.x antérieures à 11.7.0-406 | ||
| Cisco | N/A | Cisco ASA versions antérieures à 9.4.4.34 | ||
| Cisco | N/A | Cisco AsyncOS versions 10.1.x antérieures à 10.1.4-017 | ||
| Cisco | N/A | Cisco Firepower et FMC versions 6.3.x antérieures à 6.3.0.3 (sortie prévue pour la semaine du 6 mai 2019) | ||
| Cisco | Small Business | Cisco Small Business 200 Series Smart Switches et Small Business 300 Series et 500 Series Managed Switches versions antérieures à 1.4.10.6 | ||
| Cisco | N/A | Cisco ASA versions 9.10.x antérieures à 9.10.1.17 | ||
| Cisco | N/A | Cisco ASA versions 9.5.x et 9.6.x antérieures à 9.6.4.25 | ||
| Cisco | N/A | Cisco Nexus 9000 Series ACI Mode Switch versions antérieures à 14.1(1i) | ||
| Cisco | N/A | Cisco ASA versions 9.7.x et 9.8.x antérieures à 9.8.4 | ||
| Cisco | N/A | Cisco Firepower et FMC versions antérieures à 6.2.3.12 | ||
| Cisco | N/A | Cisco RV320 et RV325 Dual Gigabit WAN VPN Routers Firmware versions antérieures à 1.4.2.20 | ||
| Cisco | N/A | Cisco ASA versions 9.9.x antérieures à 9.9.2.50 | ||
| Cisco | IP Phone | Cisco IP Phone 7800 Series et 8800 Series versions antérieures à 12.5(1) | ||
| Cisco | N/A | Cisco Nexus 9000 Series Application Policy Infrastructure Controller (APIC) versions antérieures à 4.1(1i) | ||
| Cisco | N/A | Cisco AsyncOS versions 10.5.x antérieures à 10.5.4-018 | ||
| Cisco | N/A | Cisco AsyncOS versions 11.5.x antérieures à 11.5.2-020 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco Wireless IP Phone 8821 et 8821-EX versions ant\u00e9rieures \u00e0 11.0(5)",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco 250 Series Smart Switches, 350 Series et 350x Series Managed Switches et 550X Series Stackable Managed Switches versions ant\u00e9rieures \u00e0 2.5.0.78",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco AsyncOS versions 11.7.x ant\u00e9rieures \u00e0 11.7.0-406",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco ASA versions ant\u00e9rieures \u00e0 9.4.4.34",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco AsyncOS versions 10.1.x ant\u00e9rieures \u00e0 10.1.4-017",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Firepower et FMC versions 6.3.x ant\u00e9rieures \u00e0 6.3.0.3 (sortie pr\u00e9vue pour la semaine du 6 mai 2019)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Small Business 200 Series Smart Switches et Small Business 300 Series et 500 Series Managed Switches versions ant\u00e9rieures \u00e0 1.4.10.6",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco ASA versions 9.10.x ant\u00e9rieures \u00e0 9.10.1.17",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco ASA versions 9.5.x et 9.6.x ant\u00e9rieures \u00e0 9.6.4.25",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Nexus 9000 Series ACI Mode Switch versions ant\u00e9rieures \u00e0 14.1(1i)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco ASA versions 9.7.x et 9.8.x ant\u00e9rieures \u00e0 9.8.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Firepower et FMC versions ant\u00e9rieures \u00e0 6.2.3.12",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco RV320 et RV325 Dual Gigabit WAN VPN Routers Firmware versions ant\u00e9rieures \u00e0 1.4.2.20",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco ASA versions 9.9.x ant\u00e9rieures \u00e0 9.9.2.50",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IP Phone 7800 Series et 8800 Series versions ant\u00e9rieures \u00e0 12.5(1)",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Nexus 9000 Series Application Policy Infrastructure Controller (APIC) versions ant\u00e9rieures \u00e0 4.1(1i)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco AsyncOS versions 10.5.x ant\u00e9rieures \u00e0 10.5.4-018",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco AsyncOS versions 11.5.x ant\u00e9rieures \u00e0 11.5.2-020",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-1807",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1807"
},
{
"name": "CVE-2019-1635",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1635"
},
{
"name": "CVE-2019-1817",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1817"
},
{
"name": "CVE-2018-15462",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15462"
},
{
"name": "CVE-2019-1859",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1859"
},
{
"name": "CVE-2019-1803",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1803"
},
{
"name": "CVE-2019-1816",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1816"
},
{
"name": "CVE-2019-1704",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1704"
},
{
"name": "CVE-2019-1708",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1708"
},
{
"name": "CVE-2019-1724",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1724"
},
{
"name": "CVE-2018-15388",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15388"
},
{
"name": "CVE-2019-1714",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1714"
},
{
"name": "CVE-2019-1694",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1694"
},
{
"name": "CVE-2019-1693",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1693"
},
{
"name": "CVE-2019-1703",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1703"
},
{
"name": "CVE-2019-1713",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1713"
},
{
"name": "CVE-2019-1715",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1715"
},
{
"name": "CVE-2019-1804",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1804"
},
{
"name": "CVE-2019-1696",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1696"
},
{
"name": "CVE-2019-1706",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1706"
}
],
"initial_release_date": "2019-05-02T00:00:00",
"last_revision_date": "2019-05-02T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-193",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-05-02T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190501-asa-ftd-ike-dos du 01 mai 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-ftd-ike-dos"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190501-asa-ipsec-dos du 01 mai 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-ipsec-dos"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190501-wsa-dos du 01 mai 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-wsa-dos"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190501-frpwr-dos du 01 mai 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-frpwr-dos"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190501-wsa-privesc du 01 mai 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-wsa-privesc"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190501-sd-cpu-dos du 01 mai 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-sd-cpu-dos"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190501-frpwr-smb-snort du 01 mai 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-frpwr-smb-snort"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190501-firepower-dos du 01 mai 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-firepower-dos"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190501-udb-sm du 01 mai 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-udb-sm"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190501-sbr-hijack du 01 mai 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-sbr-hijack"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190501-phone-sip-xml-dos du 01 mai 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-phone-sip-xml-dos"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190501-asa-ftd-entropy du 01 mai 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-ftd-entropy"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190501-asa-csrf du 01 mai 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-csrf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190501-asa-frpwrtd-dos du 01 mai 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-frpwrtd-dos"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190501-nexus9k-rpe du 01 mai 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-nexus9k-rpe"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190501-asa-ftd-dos du 01 mai 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-ftd-dos"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190501-scbv du 01 mai 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-scbv"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190501-aci-insecure-fabric du 01 mai 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-aci-insecure-fabric"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190501-apic-priv-escalation du 01 mai 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-apic-priv-escalation"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190501-asaftd-saml-vpn du 01 mai 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asaftd-saml-vpn"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190501-nexus9k-sshkey du 01 mai 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-nexus9k-sshkey"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190501-aci-hw-clock-util du 01 mai 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-aci-hw-clock-util"
}
]
}
CERTFR-2019-AVI-120
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Cisco IP Phone. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | IP Phone | Cisco IP Phone exécutant une version logicielle de SIP antérieure à 11.0(5) pour Wireless IP Phone 8821-EX et 12.5(1)SR1 pour la série IP Phone 8800 | ||
| Cisco | IP Phone | Cisco IP Phone 7800 et 8800 exécutant une version logicielle de SIP avec la fonctionnalité web service active antérieure à 10.3(1)SR5 pour Unified IP Conference Phone 8831, 11.0(4)SR3 pour Wireless IP Phone 8821 et 8821-EX et 12.5(1)SR1 pour le restes des IP Phone 7800 et 8800 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco IP Phone ex\u00e9cutant une version logicielle de SIP ant\u00e9rieure \u00e0 11.0(5) pour Wireless IP Phone 8821-EX et 12.5(1)SR1 pour la s\u00e9rie IP Phone 8800",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IP Phone 7800 et 8800 ex\u00e9cutant une version logicielle de SIP avec la fonctionnalit\u00e9 web service active ant\u00e9rieure \u00e0 10.3(1)SR5 pour Unified IP Conference Phone 8831, 11.0(4)SR3 pour Wireless IP Phone 8821 et 8821-EX et 12.5(1)SR1 pour le restes des IP Phone 7800 et 8800",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-1766",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1766"
},
{
"name": "CVE-2019-1764",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1764"
},
{
"name": "CVE-2019-1763",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1763"
},
{
"name": "CVE-2019-1765",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1765"
},
{
"name": "CVE-2019-1716",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1716"
}
],
"initial_release_date": "2019-03-21T00:00:00",
"last_revision_date": "2019-03-21T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-120",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-03-21T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Cisco IP Phone.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Cisco IP Phone",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190320-ipab du 20 mars 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190320-ipab"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190320-ip-phone-csrf du 20 mars 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190320-ip-phone-csrf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190320-ip-phone-rce du 20 mars 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190320-ip-phone-rce"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190320-ipptv du 20 mars 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190320-ipptv"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190320-ipfudos du 20 mars 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190320-ipfudos"
}
]
}
CERTFR-2018-AVI-341
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Cisco . Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | IP Phone | Cisco IP Phone séries 6800, 7800 et 8800 avec le microgiciel Multiplatform versions antérieures à 11.2(1) | ||
| Cisco | N/A | Cisco StarOS versions 21.3.x antérieures à 21.3.15 | ||
| Cisco | N/A | Cisco StarOS versions 21.4.x et 21.5.x antérieures à 21.5.7 | ||
| Cisco | N/A | Cisco StarOS versions N5.0.x et V5.1.x antérieures à N5.1.11 (21.6.5) | ||
| Cisco | N/A | Cisco StarOS versions 21.6.x antérieures à 21.6.4 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco IP Phone s\u00e9ries 6800, 7800 et 8800 avec le microgiciel Multiplatform versions ant\u00e9rieures \u00e0 11.2(1)",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco StarOS versions 21.3.x ant\u00e9rieures \u00e0 21.3.15",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco StarOS versions 21.4.x et 21.5.x ant\u00e9rieures \u00e0 21.5.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco StarOS versions N5.0.x et V5.1.x ant\u00e9rieures \u00e0 N5.1.11 (21.6.5)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco StarOS versions 21.6.x ant\u00e9rieures \u00e0 21.6.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-0369",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0369"
},
{
"name": "CVE-2018-0341",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0341"
}
],
"initial_release_date": "2018-07-12T00:00:00",
"last_revision_date": "2018-07-12T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-341",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-07-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco\n. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180711-phone-webui-inject du 11 juillet 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180711-phone-webui-inject"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180711-staros-dos du 11 juillet 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180711-staros-dos"
}
]
}
CERTFR-2018-AVI-270
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | N/A | Prime Collaboration Assurance | ||
| Cisco | N/A | MediaSense | ||
| Cisco | N/A | Prime Collaboration Provisioning | ||
| Cisco | IOS XE | Cisco IOS XE versions Fuji 16.7.1 ou Fuji 16.8.1 configurées pour utiliser l'authentification AAA | ||
| Cisco | N/A | Cisco Meeting Server (CMS) 2000 exécutant une version logicielle CMS antérieures à 2.2.13 ou 2.3.4. | ||
| Cisco | N/A | Unified Intelligence Center (UIC) | ||
| Cisco | N/A | Emergency Responder | ||
| Cisco | N/A | Hosted Collaboration Mediation Fulfillment | ||
| Cisco | N/A | Prime License Manager | ||
| Cisco | Unified Communications Manager | Unified Communications Manager (UCM) | ||
| Cisco | N/A | Virtualized Voice Browser | ||
| Cisco | Unified Communications Manager | Unified Communications Manager IM and Presence Service (IM&P) | ||
| Cisco | N/A | Cisco Network Services Orchestrator (NSO) versions 4.1 à 4.1.6.0, 4.2 à 4.2.4.0, 4.3 à 4.3.3.0 et 4.4 à 4.4.2.0 | ||
| Cisco | N/A | SocialMiner | ||
| Cisco | N/A | Cisco AsyncOS avec une version 10.5.1, 10.5.2 ou 11.0.0 du logiciel WSA | ||
| Cisco | N/A | Cisco Prime Collaboration Provisioning (PCP) versions 12.2 et antérieures | ||
| Cisco | IP Phone | Cisco IP Phone series 6800, 7800 et 8800 avec un micorgiciel Multiplatform version antérieure à 11.1(2) | ||
| Cisco | N/A | Unified Contact Center Express (UCCx) | ||
| Cisco | N/A | Finesse | ||
| Cisco | Unity Connection | Unity Connection | ||
| Cisco | N/A | Unified Communication Manager Session Management Edition (SME) |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Prime Collaboration Assurance",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "MediaSense",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Prime Collaboration Provisioning",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IOS XE versions Fuji 16.7.1 ou Fuji 16.8.1 configur\u00e9es pour utiliser l\u0027authentification AAA",
"product": {
"name": "IOS XE",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Meeting Server (CMS) 2000 ex\u00e9cutant une version logicielle CMS ant\u00e9rieures \u00e0 2.2.13 ou 2.3.4.",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Unified Intelligence Center (UIC)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Emergency Responder",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Hosted Collaboration Mediation Fulfillment",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Prime License Manager",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Unified Communications Manager (UCM)",
"product": {
"name": "Unified Communications Manager",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Virtualized Voice Browser",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Unified Communications Manager IM and Presence Service (IM\u0026P)",
"product": {
"name": "Unified Communications Manager",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Network Services Orchestrator (NSO) versions 4.1 \u00e0 4.1.6.0, 4.2 \u00e0 4.2.4.0, 4.3 \u00e0 4.3.3.0 et 4.4 \u00e0 4.4.2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "SocialMiner",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco AsyncOS avec une version 10.5.1, 10.5.2 ou 11.0.0 du logiciel WSA",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Prime Collaboration Provisioning (PCP) versions 12.2 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IP Phone series 6800, 7800 et 8800 avec un micorgiciel Multiplatform version ant\u00e9rieure \u00e0 11.1(2)",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Unified Contact Center Express (UCCx)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Finesse",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Unity Connection",
"product": {
"name": "Unity Connection",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Unified Communication Manager Session Management Edition (SME)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-0320",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0320"
},
{
"name": "CVE-2018-0317",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0317"
},
{
"name": "CVE-2018-0274",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0274"
},
{
"name": "CVE-2018-0321",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0321"
},
{
"name": "CVE-2018-0319",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0319"
},
{
"name": "CVE-2017-6779",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6779"
},
{
"name": "CVE-2018-0296",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0296"
},
{
"name": "CVE-2018-0318",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0318"
},
{
"name": "CVE-2018-0263",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0263"
},
{
"name": "CVE-2018-0316",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0316"
},
{
"name": "CVE-2018-0315",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0315"
},
{
"name": "CVE-2018-0322",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0322"
},
{
"name": "CVE-2018-0353",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0353"
}
],
"initial_release_date": "2018-06-07T00:00:00",
"last_revision_date": "2018-06-07T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-270",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-06-07T00:00:00.000000"
},
{
"description": "Version initiale",
"revision_date": "2018-06-07T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180606-cms-id du 6 juin 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cms-id"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180606-prime-bypass du 6 juin 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-bypass"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180606-prime-password-recovery du 6 juin 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-password-recovery"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180606-multiplatform-sip du 6 juin 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-multiplatform-sip"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180606-diskdos du 6 juin 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180606-asaftd du 6 juin 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-asaftd"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180606-prime-sql du 6 juin 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-sql"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180606-prime-access du 6 juin 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-access"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180606-aaa du 6 juin 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-aaa"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180606-wsa du 6 juin 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-wsa"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180606-prime-password-reset du 6 juin 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-password-reset"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180606-nso du 6 juin 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-nso"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180606-prime-rmi du 6 juin 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-rmi"
}
]
}
CERTFR-2017-AVI-160
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | N/A | Cisco UCS C-Series Rack Servers | ||
| Cisco | N/A | Cisco Remote Expert Manager | ||
| Cisco | N/A | Commutateurs Ethernet Cisco Industrial séries 1000 | ||
| Cisco | N/A | Cisco Policy Suite versions antérieures à 11.1.0, 12.0.0 et 12.1.0 | ||
| Cisco | N/A | Cisco Prime Collaboration Provisioning versions antérieures à 12.1 | ||
| Cisco | N/A | Cisco TelePresence IX5000 Series versions antérieures à 8.2.1 | ||
| Cisco | N/A | Cisco FirePOWER System | ||
| Cisco | Identity Services Engine | Cisco Identity Services Engine (ISE) | ||
| Cisco | N/A | Commutateurs Cisco Nexus séries 5000 | ||
| Cisco | Unified Communications Manager | Cisco Unified Communications Manager | ||
| Cisco | IP Phone | Cisco IP Phone 8851 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco UCS C-Series Rack Servers",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Remote Expert Manager",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Commutateurs Ethernet Cisco Industrial s\u00e9ries 1000",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Policy Suite versions ant\u00e9rieures \u00e0 11.1.0, 12.0.0 et 12.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Prime Collaboration Provisioning versions ant\u00e9rieures \u00e0 12.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco TelePresence IX5000 Series versions ant\u00e9rieures \u00e0 8.2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco FirePOWER System",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Identity Services Engine (ISE)",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Commutateurs Cisco Nexus s\u00e9ries 5000",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified Communications Manager",
"product": {
"name": "Unified Communications Manager",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IP Phone 8851",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-6632",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6632"
},
{
"name": "CVE-2017-6650",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6650"
},
{
"name": "CVE-2017-6645",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6645"
},
{
"name": "CVE-2017-6623",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6623"
},
{
"name": "CVE-2017-6642",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6642"
},
{
"name": "CVE-2017-6652",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6652"
},
{
"name": "CVE-2017-6647",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6647"
},
{
"name": "CVE-2017-6621",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6621"
},
{
"name": "CVE-2017-6636",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6636"
},
{
"name": "CVE-2017-6637",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6637"
},
{
"name": "CVE-2017-6622",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6622"
},
{
"name": "CVE-2017-6635",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6635"
},
{
"name": "CVE-2017-6630",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6630"
},
{
"name": "CVE-2017-6654",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6654"
},
{
"name": "CVE-2017-6646",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6646"
},
{
"name": "CVE-2017-6649",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6649"
},
{
"name": "CVE-2017-6653",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6653"
},
{
"name": "CVE-2017-6641",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6641"
},
{
"name": "CVE-2017-6644",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6644"
},
{
"name": "CVE-2017-6633",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6633"
},
{
"name": "CVE-2017-6634",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6634"
},
{
"name": "CVE-2017-6643",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6643"
}
],
"initial_release_date": "2017-05-18T00:00:00",
"last_revision_date": "2017-05-18T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-pcp5 du 17 mai 2017",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-pcp5"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-rem1 du 17 mai 2017",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-rem1"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-pcp3 du 17 mai 2017",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-pcp3"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-ucm du 17 mai 2017",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-ucm"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-fpwr du 17 mai 2017",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-fpwr"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-sip du 17 mai 2017",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-sip"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-telepresence-ix5000 du 17 mai 2017",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-telepresence-ix5000"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-rem2 du 17 mai 2017",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-rem2"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-ucsc du 17 mai 2017",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-ucsc"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-cps du 17 mai 2017",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-cps"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-ie1000csrf du 17 mai 2017",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-ie1000csrf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-pcp4 du 17 mai 2017",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-pcp4"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-rem5 du 17 mai 2017",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-rem5"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-rem7 du 17 mai 2017",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-rem7"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-pcp2 du 17 mai 2017",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-pcp2"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-rem3 du 17 mai 2017",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-rem3"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-nss du 17 mai 2017",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-nss"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-pcp1 du 17 mai 2017",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-pcp1"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-nss1 du 17 mai 2017",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-nss1"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-ise du 17 mai 2017",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-ise"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-rem4 du 17 mai 2017",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-rem4"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-rem6 du 17 mai 2017",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-rem6"
}
],
"reference": "CERTFR-2017-AVI-160",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-05-18T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-ie1000csrf du 17 mai 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-rem3 du 17 mai 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-nss du 17 mai 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-rem2 du 17 mai 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-rem5 du 17 mai 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-telepresence-ix5000 du 17 mai 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-rem7 du 17 mai 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-sip du 17 mai 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-rem6 du 17 mai 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-pcp4 du 17 mai 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-pcp5 du 17 mai 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-rem1 du 17 mai 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-pcp2 du 17 mai 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-pcp1 du 17 mai 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-ise du 17 mai 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-cps du 17 mai 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-ucm du 17 mai 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-ucsc du 17 mai 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-nss1 du 17 mai 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-rem4 du 17 mai 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-fpwr du 17 mai 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-pcp3 du 17 mai 2017",
"url": null
}
]
}
CERTFR-2016-AVI-284
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | N/A | Cisco Firepower Management Center version 5.3.0 sans le dernier correctif de sécurité | ||
| Cisco | Identity Services Engine | Cisco Identity Services Engine version 1.3(0.876) sans le dernier correctif de sécurité | ||
| Cisco | N/A | Cisco Firepower Management Center version 5.3.0.2 sans le dernier correctif de sécurité | ||
| Cisco | N/A | Cisco Firepower Management Center et Cisco ASA 5500-X Series avec les services FirePOWER versions antérieures à 5.3.0.3 | ||
| Cisco | N/A | Cisco Firepower Management Center et Cisco ASA 5500-X Series avec les services FirePOWER versions antérieures à 6.0.0 | ||
| Cisco | N/A | Cisco Firepower Management Center version 5.3.1 sans le dernier correctif de sécurité | ||
| Cisco | N/A | Cisco Firepower Management Center version 5.2.0 sans le dernier correctif de sécurité | ||
| Cisco | N/A | Cisco APIC-EM versions antérieures à 1.2 | ||
| Cisco | N/A | Cisco Firepower Management Center et Cisco ASA 5500-X Series avec les services FirePOWER versions 5.4.x antérieures à 5.4.1 | ||
| Cisco | N/A | Cisco Firepower Management Center version 5.4.0 sans le dernier correctif de sécurité | ||
| Cisco | N/A | Cisco Aironet 1800, 2800, et 3800 AP platforms versions antérieures à 8.2.110.0, 8.2.121.0 ou 8.3.102.0 | ||
| Cisco | Unified Communications Manager | Cisco Unified Communications Manager version 11.5 sans le dernier correctif de sécurité | ||
| Cisco | IP Phone | Cisco IP Phone 8800 Series version 11.0(1) sans le dernier correctif de sécurité | ||
| Cisco | N/A | Cisco Firepower Management Center et Cisco ASA 5500-X Series avec les services FirePOWER versions 5.4.0.x antérieures à 5.4.0.1 | ||
| Cisco | N/A | Cisco Firepower Management Center version 4.10.3 sans le dernier correctif de sécurité | ||
| Cisco | N/A | Cisco Firepower Management Center et Cisco ASA 5500-X Series avec les services FirePOWER versions antérieures à 5.3.1.2 | ||
| Cisco | N/A | Cisco WebEx Meetings Server version 2.6 sans le dernier correctif de sécurité |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco Firepower Management Center version 5.3.0 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Identity Services Engine version 1.3(0.876) sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Firepower Management Center version 5.3.0.2 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Firepower Management Center et Cisco ASA 5500-X Series avec les services FirePOWER versions ant\u00e9rieures \u00e0 5.3.0.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Firepower Management Center et Cisco ASA 5500-X Series avec les services FirePOWER versions ant\u00e9rieures \u00e0 6.0.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Firepower Management Center version 5.3.1 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Firepower Management Center version 5.2.0 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco APIC-EM versions ant\u00e9rieures \u00e0 1.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Firepower Management Center et Cisco ASA 5500-X Series avec les services FirePOWER versions 5.4.x ant\u00e9rieures \u00e0 5.4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Firepower Management Center version 5.4.0 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Aironet 1800, 2800, et 3800 AP platforms versions ant\u00e9rieures \u00e0 8.2.110.0, 8.2.121.0 ou 8.3.102.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified Communications Manager version 11.5 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Unified Communications Manager",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IP Phone 8800 Series version 11.0(1) sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Firepower Management Center et Cisco ASA 5500-X Series avec les services FirePOWER versions 5.4.0.x ant\u00e9rieures \u00e0 5.4.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Firepower Management Center version 4.10.3 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Firepower Management Center et Cisco ASA 5500-X Series avec les services FirePOWER versions ant\u00e9rieures \u00e0 5.3.1.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco WebEx Meetings Server version 2.6 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-1458",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1458"
},
{
"name": "CVE-2016-6361",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6361"
},
{
"name": "CVE-2016-1457",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1457"
},
{
"name": "CVE-2016-6363",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6363"
},
{
"name": "CVE-2016-6362",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6362"
},
{
"name": "CVE-2016-1485",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1485"
},
{
"name": "CVE-2016-1479",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1479"
},
{
"name": "CVE-2016-6365",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6365"
},
{
"name": "CVE-2016-1365",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1365"
},
{
"name": "CVE-2016-6364",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6364"
},
{
"name": "CVE-2016-1484",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1484"
}
],
"initial_release_date": "2016-08-18T00:00:00",
"last_revision_date": "2016-08-23T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160817-firepowermc du 17 ao\u00fbt 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-firepowermc"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160817-aap1 du 17 ao\u00fbt 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-aap1"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160817-aap2 du 17 ao\u00fbt 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-aap2"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160817-apic du 17 ao\u00fbt 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-apic"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160817-firepower du 17 ao\u00fbt 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-firepower"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160817-ippdu 17 ao\u00fbt 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-ipp"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160817-ucm du 17 ao\u00fbt 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-ucm"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160817-ise du 17 ao\u00fbt 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-ise"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160817-fmc du 17 ao\u00fbt 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-fmc"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160817-aap du 17 ao\u00fbt 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-aap"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160817-wms1 du 17 ao\u00fbt 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-wms1"
}
],
"reference": "CERTFR-2016-AVI-284",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-08-18T00:00:00.000000"
},
{
"description": "changement \u0027Cisco APIC-EM version 1.0 sans le dernier correctif de s\u00e9curit\u00e9\u0027 \u00e0 \u0027Cisco APIC-EM versions ant\u00e9rieures \u00e0 1.2\u0027 dans syst\u00e8mes affect\u00e9s",
"revision_date": "2016-08-23T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160817-ise du 17 ao\u00fbt 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160817-aap2 du 17 ao\u00fbt 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160817-firepowermc du 17 ao\u00fbt 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160817-aap1 du 17 ao\u00fbt 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160817-firepower du 17 ao\u00fbt 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160817-apic du 17 ao\u00fbt 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160817-ucm du 17 ao\u00fbt 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160817-ippdu 17 ao\u00fbt 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160817-aap du 17 ao\u00fbt 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160817-wms1 du 17 ao\u00fbt 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160817-fmc du 17 ao\u00fbt 2016",
"url": null
}
]
}
CERTFR-2016-AVI-209
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | N/A | Cisco Aironet 1850e Access Point exécutant le logiciel Cisco Aironet Access Point versions antérieures à 8.2(110.0) | ||
| Cisco | N/A | Cisco Aironet 3800 Series Access Point exécutant le logiciel Cisco Aironet Access Point versions antérieures à 8.2(110.0) | ||
| Cisco | N/A | Cisco Aironet 1830e Access Point exécutant le logiciel Cisco Aironet Access Point versions antérieures à 8.2(110.0) | ||
| Cisco | N/A | Cisco Application Policy Infrastructure Controller (APIC) Software versions antérieures à 1.3(2f) | ||
| Cisco | N/A | Cisco RV110W Wireless-N VPN Firewall versions antérieures à 1.2.1.7 | ||
| Cisco | N/A | Cisco Aironet 1850i Access Point exécutant le logiciel Cisco Aironet Access Point versions antérieures à 8.2(110.0) | ||
| Cisco | N/A | Cisco Aironet 1830i Access Point exécutant le logiciel Cisco Aironet Access Point versions antérieures à 8.2(110.0) | ||
| Cisco | IP Phone | Téléphones Cisco IP Phone 8800 Series version 11.0(1) | ||
| Cisco | N/A | Cisco RV130W Wireless-N Multifunction VPN Router versions antérieures à 1.0.3.16 | ||
| Cisco | N/A | Cisco RV215W Wireless-N VPN Router versions antérieures à 1.3.0.8 | ||
| Cisco | N/A | Plateformes Cisco Access Point exécutant le logiciel version 8.2(102.43) | ||
| Cisco | N/A | Cisco Aironet 2800 Series Access Point exécutant le logiciel Cisco Aironet Access Point versions antérieures à 8.2(110.0) |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco Aironet 1850e Access Point ex\u00e9cutant le logiciel Cisco Aironet Access Point versions ant\u00e9rieures \u00e0 8.2(110.0)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Aironet 3800 Series Access Point ex\u00e9cutant le logiciel Cisco Aironet Access Point versions ant\u00e9rieures \u00e0 8.2(110.0)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Aironet 1830e Access Point ex\u00e9cutant le logiciel Cisco Aironet Access Point versions ant\u00e9rieures \u00e0 8.2(110.0)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Application Policy Infrastructure Controller (APIC) Software versions ant\u00e9rieures \u00e0 1.3(2f)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco RV110W Wireless-N VPN Firewall versions ant\u00e9rieures \u00e0 1.2.1.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Aironet 1850i Access Point ex\u00e9cutant le logiciel Cisco Aironet Access Point versions ant\u00e9rieures \u00e0 8.2(110.0)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Aironet 1830i Access Point ex\u00e9cutant le logiciel Cisco Aironet Access Point versions ant\u00e9rieures \u00e0 8.2(110.0)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "T\u00e9l\u00e9phones Cisco IP Phone 8800 Series version 11.0(1)",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco RV130W Wireless-N Multifunction VPN Router versions ant\u00e9rieures \u00e0 1.0.3.16",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco RV215W Wireless-N VPN Router versions ant\u00e9rieures \u00e0 1.3.0.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Plateformes Cisco Access Point ex\u00e9cutant le logiciel version 8.2(102.43)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Aironet 2800 Series Access Point ex\u00e9cutant le logiciel Cisco Aironet Access Point versions ant\u00e9rieures \u00e0 8.2(110.0)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-4956",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4956"
},
{
"name": "CVE-2016-4953",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4953"
},
{
"name": "CVE-2016-1403",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1403"
},
{
"name": "CVE-2016-1397",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1397"
},
{
"name": "CVE-2016-4957",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4957"
},
{
"name": "CVE-2016-4955",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4955"
},
{
"name": "CVE-2016-1420",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1420"
},
{
"name": "CVE-2016-1395",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1395"
},
{
"name": "CVE-2016-4954",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4954"
},
{
"name": "CVE-2016-1421",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1421"
},
{
"name": "CVE-2016-1396",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1396"
},
{
"name": "CVE-2016-1418",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1418"
},
{
"name": "CVE-2016-1419",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1419"
},
{
"name": "CVE-2016-1398",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1398"
}
],
"initial_release_date": "2016-06-16T00:00:00",
"last_revision_date": "2016-06-16T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160603-ntpd du 03 juin 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160603-ipp du 03 juin 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ipp"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160606-aap du 06 juin 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160606-aap"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160609-apic du 09 juin 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-apic"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160609-ipp du 09 juin 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-ipp"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160615-rv3 du 15 juin 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv3"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160615-rv1 du 15 juin 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv1"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160615-rv du 15 juin 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160608-aironet du 09 juin 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160608-aironet"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160615-rv2 du 15 juin 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv2"
}
],
"reference": "CERTFR-2016-AVI-209",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-06-16T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160615-rv2 du 15 juin 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160615-rv du 15 juin 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160615-rv1 du 15 juin 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160609-apic du 09 juin 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160606-aap du 06 juin 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160609-ipp du 09 juin 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160615-rv3 du 15 juin 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160603-ipp du 03 juin 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160603-ntpd du 03 juin 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160608-aironet du 09 juin 2016",
"url": null
}
]
}
CERTFR-2014-AVI-161
Vulnerability from certfr_avis
Une vulnérabilité a été corrigée dans plusieurs produits Cisco. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | IP Phone | Cisco Unified 8961 IP Phone | ||
| Cisco | IOS XE | Cisco IOS XE | ||
| Cisco | IOS | Cisco AnyConnect Secure Mobility Client for iOS | ||
| Cisco | N/A | Cisco WebEx Meetings Server versions 2.x | ||
| Cisco | IP Phone | Cisco Unified 9971 IP Phone | ||
| Cisco | N/A | Cisco TelePresence Conductor | ||
| Cisco | N/A | Cisco Mobility Service Engine (MSE) | ||
| Cisco | IP Phone | Cisco Unified 9951 IP Phone | ||
| Cisco | N/A | Cisco Unified Communication Manager (UCM) 10.0 | ||
| Cisco | N/A | Cisco Desktop Collaboration Experience DX650 | ||
| Cisco | N/A | Cisco Unified 7800 series IP Phones | ||
| Cisco | N/A | Small Cell factory recovery root filesystem V2.99.4 et ultérieures | ||
| Cisco | N/A | Cisco TelePresence Video Communication Server (VCS) | ||
| Cisco | N/A | Cisco Universal Small Cell 5000 Series running V3.4.2.x software | ||
| Cisco | N/A | Cisco Universal Small Cell 7000 Series running V3.4.2.x software | ||
| Cisco | N/A | Cisco MS200X Ethernet Access Switch |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco Unified 8961 IP Phone",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IOS XE",
"product": {
"name": "IOS XE",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco AnyConnect Secure Mobility Client for iOS",
"product": {
"name": "IOS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco WebEx Meetings Server versions 2.x",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified 9971 IP Phone",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco TelePresence Conductor",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Mobility Service Engine (MSE)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified 9951 IP Phone",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified Communication Manager (UCM) 10.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Desktop Collaboration Experience DX650",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified 7800 series IP Phones",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Small Cell factory recovery root filesystem V2.99.4 et ult\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco TelePresence Video Communication Server (VCS)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Universal Small Cell 5000 Series running V3.4.2.x software",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Universal Small Cell 7000 Series running V3.4.2.x software",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco MS200X Ethernet Access Switch",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2014-0160",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0160"
}
],
"initial_release_date": "2014-04-09T00:00:00",
"last_revision_date": "2014-04-11T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20140409-heartbleed du 09 avril 2014",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 OpenSSL du 07 avril 2014",
"url": "https://www.openssl.org/news/secadv_20140407.txt"
}
],
"reference": "CERTFR-2014-AVI-161",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2014-04-09T00:00:00.000000"
},
{
"description": "mise \u00e0 jour des syst\u00e8mes affect\u00e9s.",
"revision_date": "2014-04-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans plusieurs produits \u003cspan\nclass=\"textit\"\u003eCisco\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer un\ncontournement de la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans plusieurs produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20140409-heartbleed du 09 avril 2014",
"url": null
}
]
}
CERTA-2013-AVI-020
Vulnerability from certfr_avis
Une vulnérabilité a été corrigée dans Cisco Unified IP Phone. Elle permet à un attaquant de provoquer une exécution de code arbitraire au moyen d'appels systèmes spécialement conçus.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | IP Phone | Cisco Unified IP Phone 7970G | ||
| Cisco | IP Phone | Cisco Unified IP Phone 7962G | ||
| Cisco | IP Phone | Cisco Unified IP Phone 7942G | ||
| Cisco | IP Phone | Cisco Unified IP Phone 7961G | ||
| Cisco | IP Phone | Cisco Unified IP Phone 7971G | ||
| Cisco | IP Phone | Cisco Unified IP Phone 7911G | ||
| Cisco | IP Phone | Cisco Unified IP Phone 7906G | ||
| Cisco | IP Phone | Cisco Unified IP Phone 7945G | ||
| Cisco | IP Phone | Cisco Unified IP Phone 7975G | ||
| Cisco | IP Phone | Cisco Unified IP Phone 7931G | ||
| Cisco | IP Phone | Cisco Unified IP Phone 7941G | ||
| Cisco | IP Phone | Cisco Unified IP Phone 7965G |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco Unified IP Phone 7970G",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified IP Phone 7962G",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified IP Phone 7942G",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified IP Phone 7961G",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified IP Phone 7971G",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified IP Phone 7911G",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified IP Phone 7906G",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified IP Phone 7945G",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified IP Phone 7975G",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified IP Phone 7931G",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified IP Phone 7941G",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified IP Phone 7965G",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-5445",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5445"
}
],
"initial_release_date": "2013-01-10T00:00:00",
"last_revision_date": "2013-01-10T00:00:00",
"links": [],
"reference": "CERTA-2013-AVI-020",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2013-01-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eCisco Unified\nIP Phone\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une ex\u00e9cution\nde code arbitraire au moyen d\u0027appels syst\u00e8mes sp\u00e9cialement con\u00e7us.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Cisco Unified IP Phone",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 CISCO CSCuc83860 du 09 janvier 2013",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130109-uipphone"
}
]
}
CERTA-2011-AVI-328
Vulnerability from certfr_avis
Plusieurs vulnérabilités permettant une élévation de privilège ainsi qu'un contournement de la politique de sécurité ont été découvertes dans différents produits de la gamme Cisco Unified IP Phones 7900 Series.
Description
Trois failles ont été découvertes dans plusieurs produits de la gamme Cisco Unified IP Phones 7900 Series.
Deux de ces failles (CVE-2011-1602 et CVE-2011-1603) permettent à une personne malintentionnée d'élever ses privilèges et, ainsi, de modifier la configuration du poste, voir d'obtenir des informations sensibles.
La troisième faille (CVE-2011-1637) permet à un utilisateur malintentionné de contourner la vérification des signatures de l'image logicielle chargée sur le téléphone.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | IP Phone | Cisco Unified IP Phone 7961G-GE ; | ||
| Cisco | IP Phone | Cisco Unified IP Phone 7942G ; | ||
| Cisco | IP Phone | Cisco Unified IP Phone 7961G ; | ||
| Cisco | IP Phone | Cisco Unified IP Phone 7941G ; | ||
| Cisco | IP Phone | Cisco Unified IP Phone 7971G-GE ; | ||
| Cisco | IP Phone | Cisco Unified IP Phone 7941G-GE ; | ||
| Cisco | IP Phone | Cisco Unified IP Phone 7965G ; | ||
| Cisco | IP Phone | Cisco Unified IP Phone 7911G ; | ||
| Cisco | IP Phone | Cisco Unified IP Phone 7945G ; | ||
| Cisco | IP Phone | Cisco Unified IP Phone 7906G ; | ||
| Cisco | IP Phone | Cisco Unified IP Phone 7975G ; | ||
| Cisco | IP Phone | Cisco Unified IP Phone 7931G ; | ||
| Cisco | IP Phone | Cisco Unified IP Phone 7970G ; | ||
| Cisco | IP Phone | Cisco Unified IP Phone 7962G ; |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco Unified IP Phone 7961G-GE ;",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified IP Phone 7942G ;",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified IP Phone 7961G ;",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified IP Phone 7941G ;",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified IP Phone 7971G-GE ;",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified IP Phone 7941G-GE ;",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified IP Phone 7965G ;",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified IP Phone 7911G ;",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified IP Phone 7945G ;",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified IP Phone 7906G ;",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified IP Phone 7975G ;",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified IP Phone 7931G ;",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified IP Phone 7970G ;",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified IP Phone 7962G ;",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nTrois failles ont \u00e9t\u00e9 d\u00e9couvertes dans plusieurs produits de la gamme\nCisco Unified IP Phones 7900 Series.\n\nDeux de ces failles (CVE-2011-1602 et CVE-2011-1603) permettent \u00e0 une\npersonne malintentionn\u00e9e d\u0027\u00e9lever ses privil\u00e8ges et, ainsi, de modifier\nla configuration du poste, voir d\u0027obtenir des informations sensibles.\n\nLa troisi\u00e8me faille (CVE-2011-1637) permet \u00e0 un utilisateur\nmalintentionn\u00e9 de contourner la v\u00e9rification des signatures de l\u0027image\nlogicielle charg\u00e9e sur le t\u00e9l\u00e9phone.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-1603",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1603"
},
{
"name": "CVE-2011-1602",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1602"
},
{
"name": "CVE-2011-1637",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1637"
}
],
"initial_release_date": "2011-06-03T00:00:00",
"last_revision_date": "2011-06-03T00:00:00",
"links": [],
"reference": "CERTA-2011-AVI-328",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2011-06-03T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "Plusieurs vuln\u00e9rabilit\u00e9s permettant une \u00e9l\u00e9vation de privil\u00e8ge ainsi\nqu\u0027un contournement de la politique de s\u00e9curit\u00e9 ont \u00e9t\u00e9 d\u00e9couvertes dans\ndiff\u00e9rents produits de la gamme \u003cspan class=\"textit\"\u003eCisco Unified IP\nPhones 7900 Series\u003c/span\u003e.\n",
"title": "Vuln\u00e9rabilit\u00e9s dans les postes t\u00e9l\u00e9phoniques Cisco Unified Phones 7900 Series",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco 20110601-phone du 01 juin 2011",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20110601-phone.shtml"
}
]
}
CERTA-2007-AVI-141
Vulnerability from certfr_avis
Une vulnérabilité présente dans les téléphones IP CISCO 7940 et 7960 permet à un individu de réaliser un déni de service à distance.
Description
Un manque de vérification du champ sipURI au moment de l'envoi d'un message INVITE permettrait à un individu malintentionné de faire redémarrer l'équipement à distance par le biais d'un message INVITE spécialement conçu.
Solution
La version 8.6 du micrologiciel corrige le problème. La dernière version du micrologiciel pour les téléphones IP CISCO 7940 et 7960 est téléchargeable à l'adresse suivante :
http://www.cisco.com/pcgi-bin/tablebuild.pl/sip-ip-phone7960?psrtdcat20e2
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "CISCO IP Phone 7940/7960 ex\u00e9cutant le micrologiciel 7.4.",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nUn manque de v\u00e9rification du champ sipURI au moment de l\u0027envoi d\u0027un\nmessage INVITE permettrait \u00e0 un individu malintentionn\u00e9 de faire\nred\u00e9marrer l\u0027\u00e9quipement \u00e0 distance par le biais d\u0027un message INVITE\nsp\u00e9cialement con\u00e7u.\n\n## Solution\n\nLa version 8.6 du micrologiciel corrige le probl\u00e8me. La derni\u00e8re version\ndu micrologiciel pour les t\u00e9l\u00e9phones IP CISCO 7940 et 7960 est\nt\u00e9l\u00e9chargeable \u00e0 l\u0027adresse suivante :\n\n http://www.cisco.com/pcgi-bin/tablebuild.pl/sip-ip-phone7960?psrtdcat20e2\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"initial_release_date": "2007-03-27T00:00:00",
"last_revision_date": "2007-03-27T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco ID 87392 du 20 mars 2007 :",
"url": "http://www.cisco.com/warp/public/707/cisco-sr-20070320-sip.shtml"
}
],
"reference": "CERTA-2007-AVI-141",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2007-03-27T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 pr\u00e9sente dans les t\u00e9l\u00e9phones IP CISCO 7940 et 7960\npermet \u00e0 un individu de r\u00e9aliser un d\u00e9ni de service \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les t\u00e9l\u00e9phones CISCO 7940/7960",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 CISCO ID 87392 du 20 mars 2007",
"url": null
}
]
}